Microsoft Bing App Data Leak Exposed User Info Online
The Microsoft Bing App suffered a huge data leak which exposed 6.5TB of user search data online due to an unsecure server.
Online security site Wizcase found the unsecure server and traced it back to the Bing mobile app, which has over 5 million downloads in the Google Play store alone.
The exposed data discovered by Wizcase included search queries, device details and GPS coordinates which came directly from the Bing app.
As the team investigated the leak, they found the 6.5TB server was growing by up to 200GB per day.
They speculate anyone who used the Bing app during the server leak could be at risk, as team members came across data from more than 70 countries. Wizcase first noticed it on September 12 and alerted Microsoft the next day.
Wizcase reached out to Microsoft and reported the exposed sever to the Microsoft Security Response Center (MSRC) and it was secured a few days later.
“From what we saw, between September 10th – 12th, the server was targeted by a Meow attack that deleted nearly the entire database. When we discovered the server on the 12th, 100 million records had been collected since the attack. There was a second Meow attack on the server on September 14,” Wizcase wrote in a blogpost.
The leaked data may potentially have been exposed to hackers and scammers and potential threats to Bing users could include blackmail, phishing scams and even physical attacks or robberies based on the GPS data left vulnerable.