Cluster of 295 Chrome extensions caught hijacking Google and Bing search results
The malicious Chrome extensions have been installed by more than 80 million users.
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.
https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results
#google #chrome #bing #extensions #hijack
The malicious Chrome extensions have been installed by more than 80 million users.
More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company's staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.
https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results
#google #chrome #bing #extensions #hijack
Bing mobile apps suffered a data leak, leaking 6.5TB of search data
Microsoft’s Bing mobile apps, available on Android and iOS, have been the victim of a data leak. Security researchers found an Elastic server that had its password protection removed, reportedly as a “misconfiguration” of the server, which has resulted in 6.5TB of search data being made available publicly on the internet, which grew by up to 200GB per day.
Security researchers from WizCase found the unprotected server on September 12, although the authentication is estimated to have been removed 2 days prior. After discovering the data was coming from Bing’s mobile apps, by performing a search themselves and seeing it appear in the data, the researchers contacted Microsoft on September 13, and the information was given to Microsoft’s Security Response Centre, who acted to resolve the problem a few days later.
The data leak has exposed a trove of data that Microsoft collects from users who use the Bing mobile apps. The data included:
✅ Search terms (excluding any searches in ‘private’ mode)
✅ GPS coordinates (if location permissions are enabled, with a ~500 metre accuracy)
✅ Date and time of the search
✅ Firebase notification tokens
✅ Coupon data
✅ Partial list of the URLs visited by the user from the search results
✅ Device model
✅ Operating system
✅ 3 unique identifiers, including:
⭕️ ADID: possibly an identifier for a Microsoft Account
⭕️ deviceID
⭕️ devicehash
None of the data was encrypted.
https://www.onmsft.com/news/microsoft-bing-data-leak
#Microsoft #Bing #mobile #app #dataleaks
Microsoft’s Bing mobile apps, available on Android and iOS, have been the victim of a data leak. Security researchers found an Elastic server that had its password protection removed, reportedly as a “misconfiguration” of the server, which has resulted in 6.5TB of search data being made available publicly on the internet, which grew by up to 200GB per day.
Security researchers from WizCase found the unprotected server on September 12, although the authentication is estimated to have been removed 2 days prior. After discovering the data was coming from Bing’s mobile apps, by performing a search themselves and seeing it appear in the data, the researchers contacted Microsoft on September 13, and the information was given to Microsoft’s Security Response Centre, who acted to resolve the problem a few days later.
The data leak has exposed a trove of data that Microsoft collects from users who use the Bing mobile apps. The data included:
✅ Search terms (excluding any searches in ‘private’ mode)
✅ GPS coordinates (if location permissions are enabled, with a ~500 metre accuracy)
✅ Date and time of the search
✅ Firebase notification tokens
✅ Coupon data
✅ Partial list of the URLs visited by the user from the search results
✅ Device model
✅ Operating system
✅ 3 unique identifiers, including:
⭕️ ADID: possibly an identifier for a Microsoft Account
⭕️ deviceID
⭕️ devicehash
None of the data was encrypted.
https://www.onmsft.com/news/microsoft-bing-data-leak
#Microsoft #Bing #mobile #app #dataleaks
OnMSFT.com
Bing mobile apps suffered a data leak, leaking 6.5TB of search data
Microsoft’s Bing mobile apps, available on Android and iOS, have been the victim of a data leak. Security researchers found an Elastic server that had its password protection removed, reporte…