Broken link hijacking (BLH) is a type of web attack. It exploits external links that are no longer valid. If your website or web application uses resources loaded from external URLs or points to such resources and these resources are no longer there (for example due to an expired domain), attackers can exploit these links to perform defacement, impersonation, or even to launch cross-site scripting attacks.

Defacement using Expired Links

If your company uses an external link shortening service, for example, to include short links in tweets, it may be possible that the link shortener goes out of business after some time and is no longer valid. This means that all your old links are now broken.

If an attacker purchases the domain used by the link shortening service that went out of business, they can substitute your original content with their own malicious content. Twitter and other social media sites often automatically parse such links and include any visual content such as a video. Therefore, the attacker could include offensive videos in all your old posts.

Read the rest at: