Security News > 2020 > September > Unsecured Microsoft Bing Server Leaks Search Queries, Location Data

Unsecured Microsoft Bing Server Leaks Search Queries, Location Data
2020-09-21 20:07

An unsecured database has exposed sensitive data for users of Microsoft's Bing search engine mobile application - including their location coordinates, search terms in clear text and more.

While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities - giving bad actors information ripe for blackmail attacks, phishing scams and more.

"Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk," said Chase Williams, researcher with Wizcase, in a Monday post.

In addition to users' search terms that were in clear text, the server also revealed the time of the search being executed, Firebase Notification Tokens, device models, a partial list of the URLs visited from search results, coupon data that included information about when a coupon code was copied, operating system data and unique ID numbers.

In addition to the Meow hackers, this data was potentially exposed to other types of hackers and scammers, which could lead to a variety of blackmailing and phishing attacks against users of the Bing mobile app, researchers warned - particularly when it comes to search queries.


News URL

https://threatpost.com/microsoft-bing-search-queries/159407/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 365 50 1369 2819 161 4399