6.5TB of Microsoft Bing user data potentially leaked online

A server containing user data was left unprotected in the first week of September, researchers say

The mobile app for Microsoft's Bing search engine

Approximately 6.5TB of Microsoft Bing user data may have been left exposed online for two days after an Elasticsearch sever was left unsecured and open to the internet.

Data relating to search queries, device details, and GPS coordinates were found in a database by online security site WizCase, which was then able to trace the server back to Bing's mobile app.

The server was said to be growing by as much as 200GB per day while exposed, according to Ata Hakcil, a white hat hacker who also served as lead investigator for the website.

A link between the server and Bing was eventually found after researchers ran a search query for "WizCase" on the Bing mobile app and then paired the query data with that held on the server.

Exposed data included search terms in clear text, search times, locations, notification tokens, a partial list of URLs users visited from their search results, device models they used, their operating systems and three separate ID numbers (ADID, deviceID and devicehash) assigned to each user.

The server is believed to have been password protected until around the 10th September, with the server eventually being discovered by the WizCase team two days later. By the 16th September, Microsoft had been alerted and had encrypted the server once more.

The team believes that anyone who had used Bing's mobile app for internet searches between the 10th and 16th September may have had their data leaked online.

Researchers also believe that during this period the database was subject to what's known as a "meow" attack – an automated attack that targets unsecured Elasticsearch servers and destroys huge volumes of data without explanation or reason.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
The definitive guide to IT security
Whitepaper

The definitive guide to IT security

9 Apr 2021
Ubiquiti insider says the company downplayed the severity of a major breach
data breaches

Ubiquiti insider says the company downplayed the severity of a major breach

31 Mar 2021
Forex broker FBS leaves millions of customer records exposed
data breaches

Forex broker FBS leaves millions of customer records exposed

25 Mar 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021