Security researchers have discovered that short URLs are able to be brute-forced, potentially exposing personal data to anyone motivated to look. The issue was found by Martin Georgiev and Vitaly Shmatikov after looking at the abbreviated web address
