Security News > 2020 > September > Unsecured Microsoft Bing Server Leaks Search Queries, Location Data
An unsecured database has exposed sensitive data for users of Microsoft's Bing search engine mobile application - including their location coordinates, search terms in clear text and more.
While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities - giving bad actors information ripe for blackmail attacks, phishing scams and more.
"Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk," said Chase Williams, researcher with Wizcase, in a Monday post.
In addition to users' search terms that were in clear text, the server also revealed the time of the search being executed, Firebase Notification Tokens, device models, a partial list of the URLs visited from search results, coupon data that included information about when a coupon code was copied, operating system data and unique ID numbers.
In addition to the Meow hackers, this data was potentially exposed to other types of hackers and scammers, which could lead to a variety of blackmailing and phishing attacks against users of the Bing mobile app, researchers warned - particularly when it comes to search queries.
News URL
https://threatpost.com/microsoft-bing-search-queries/159407/
Related news
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)
- Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues (source)