6.5TB of Microsoft Bing user data potentially leaked online

A server containing user data was left unprotected in the first week of September, researchers say

The mobile app for Microsoft's Bing search engine

Approximately 6.5TB of Microsoft Bing user data may have been left exposed online for two days after an Elasticsearch sever was left unsecured and open to the internet.

Data relating to search queries, device details, and GPS coordinates were found in a database by online security site WizCase, which was then able to trace the server back to Bing's mobile app.

The server was said to be growing by as much as 200GB per day while exposed, according to Ata Hakcil, a white hat hacker who also served as lead investigator for the website.

A link between the server and Bing was eventually found after researchers ran a search query for "WizCase" on the Bing mobile app and then paired the query data with that held on the server.

Exposed data included search terms in clear text, search times, locations, notification tokens, a partial list of URLs users visited from their search results, device models they used, their operating systems and three separate ID numbers (ADID, deviceID and devicehash) assigned to each user.

The server is believed to have been password protected until around the 10th September, with the server eventually being discovered by the WizCase team two days later. By the 16th September, Microsoft had been alerted and had encrypted the server once more.

The team believes that anyone who had used Bing's mobile app for internet searches between the 10th and 16th September may have had their data leaked online.

Researchers also believe that during this period the database was subject to what's known as a "meow" attack – an automated attack that targets unsecured Elasticsearch servers and destroys huge volumes of data without explanation or reason.

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Evaluate your order-to-cash process

15 recommended metrics to benchmark your O2C operations

Download now

AI 360: Hold, fold, or double down?

How AI can benefit your business

Download now

Getting started with Azure Red Hat OpenShift

A developer’s guide to improving application building and deployment capabilities

Download now

Recommended

Misconfigured Git servers lead to Nissan data leak
hacking

Misconfigured Git servers lead to Nissan data leak

7 Jan 2021
BackupAssist teams with Wasabi to offer cheaper backup for businesses
backup

BackupAssist teams with Wasabi to offer cheaper backup for businesses

6 Jan 2021
Data: A resource much too valuable to leave unprotected
Whitepaper

Data: A resource much too valuable to leave unprotected

2 Dec 2020
Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020

Most Popular

School laptops sent by government arrive loaded with malware
malware

School laptops sent by government arrive loaded with malware

21 Jan 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

21 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021