Tuesday, April 16, 2024

Microsoft Bing Server Leaks Search Queries, Location Data, and Device Details

Security researchers from WizCase uncovered a massive data leak in the Microsoft Bing mobile app that exposes search queries, device details, and GPS coordinates.

Ata Hakcil uncovered the massive leak in the server owned by Microsoft for logging data related to its Bing mobile app.

Bing app used to perform millions of searches per day and it has more than 10,000,000 downloads on Google Play alone.

Microsoft Bing Server Data Leak

Hakcil confirmed his findings by running a search for “Wizcase” through a mobile app and while checking with the unprotected bing server “he found his information, including search queries, device details, and GPS coordinates, proving the exposed data comes directly from the Bing mobile app.”

The exposed server has records of search queries from more than 70 countries. The server believed to have exposed more than 6.5TB log files and the storage growing by 200GB per day.

According to the Wizcase scanner “server was password protected until the first week of September. Our team discovered the leak on September 12th, approximately two days after the authentication was removed.”

Users who used bing mobile app for searching in the meantime has been exposed is at risk. The following are the data exposed that includes;

  • Search Terms in clear text excluding the ones entered in private mode
  • Location Coordinates
  • The exact time of the search
  • Firebase Notification Tokens
  • Coupon Data
  • URLs clicked from search results
  • Device model
  • Operating System
  • Unique ID(ADID, deviceID, devicehash)

The issue was reported to MSRC – Microsoft Security Response Center by September 13th and the server was secured on September 14.

In the meantime, researchers observed that Meow hackers attacked and deleted nearly the entire database. The second Meow attack on the server on September 14.

Meow hackers are known for destroying unsecured databases, they use some bots which overwrites all of the data, effectively destroying the contents of the database.

The data was exposed to all types of hackers and scammers, having the data attackers can launch a variety of attacks against users of the Bing mobile app.

If you are a bing mobile app user, pay a bit more attention to the when opening emails from unknown senders.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

A Bug With Firefox for Android Let Attackers Hijack without user Interaction on the Same WiFi Network

Top 10 Best App Locks and Privacy Lock for Android Devices in 2020

Website

Latest articles

Hacker Customize LockBit 3.0 Ransomware to Attack Orgs Worldwide

Cybersecurity researchers at Kaspersky have uncovered evidence that cybercriminal groups are customizing the virulent...

Microsoft .NET, .NET Framework, & Visual Studio Vulnerable To RCE Attacks

A new remote code execution vulnerability has been identified to be affecting multiple Microsoft...

LightSpy Hackers Indian Apple Device Users to Steal Sensitive Data

The revival of the LightSpy malware campaign has been observed, focusing on Indian Apple...

LightSpy Malware Attacking Android and iOS Users

A new malware known as LightSpy has been targeting Android and iOS users.This sophisticated...

This Startup Aims To Simplify End-to-End Cybersecurity, So Anyone Can Do It

The Web3 movement is going from strength to strength with every day that passes....

Alert! Palo Alto RCE Zero-day Vulnerability Actively Exploited in the Wild

In a recent security bulletin, Palo Alto Networks disclosed a critical vulnerability in its...

6-year-old Lighttpd Flaw Impacts Intel And Lenovo Servers

The software supply chain is filled with various challenges, such as untracked security vulnerabilities...

Top 3 SME Attack Vectors

Securing the Top 3 SME Attack Vectors

Cybercriminals are laying siege to small-to-medium enterprises (SMEs) across sectors. 73% of SMEs know they were breached in 2023. The real rate could be closer to 100%.

  • Stolen credentials
  • Phishing
  • Exploitation of vulnerabilities

Related Articles