Security researchers from WizCase uncovered a massive data leak in the Microsoft Bing mobile app that exposes search queries, device details, and GPS coordinates.
Ata Hakcil uncovered the massive leak in the server owned by Microsoft for logging data related to its Bing mobile app.
Bing app used to perform millions of searches per day and it has more than 10,000,000 downloads on Google Play alone.
Hakcil confirmed his findings by running a search for “Wizcase” through a mobile app and while checking with the unprotected bing server “he found his information, including search queries, device details, and GPS coordinates, proving the exposed data comes directly from the Bing mobile app.”
The exposed server has records of search queries from more than 70 countries. The server believed to have exposed more than 6.5TB log files and the storage growing by 200GB per day.
According to the Wizcase scanner “server was password protected until the first week of September. Our team discovered the leak on September 12th, approximately two days after the authentication was removed.”
Users who used bing mobile app for searching in the meantime has been exposed is at risk. The following are the data exposed that includes;
The issue was reported to MSRC – Microsoft Security Response Center by September 13th and the server was secured on September 14.
In the meantime, researchers observed that Meow hackers attacked and deleted nearly the entire database. The second Meow attack on the server on September 14.
Meow hackers are known for destroying unsecured databases, they use some bots which overwrites all of the data, effectively destroying the contents of the database.
The data was exposed to all types of hackers and scammers, having the data attackers can launch a variety of attacks against users of the Bing mobile app.
If you are a bing mobile app user, pay a bit more attention to the when opening emails from unknown senders.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Also Read
Top 10 Best App Locks and Privacy Lock for Android Devices in 2020
Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware has…
Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as a…
The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black Banshee,”…
The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear phishing…
IPFire, the powerful open-source firewall, has unveiled its latest release, IPFire 2.29 – Core Update…
Distributed Denial of Service (DDoS) attacks, once seen as crude tools for disruption wielded by…