Bing mobile apps suffered a data leak, leaking 6.5TB of search data
Microsoft’s Bing mobile apps, available on Android and iOS, have been the victim of a data leak. Security researchers found an Elastic server that had its password protection removed, reportedly as a “misconfiguration” of the server. As a result, 6.5TB of search data was publicly available on the internet, and the exposed data grew by up to 200GB per day.
Security researchers from WizCase found the unprotected server on September 12, although the authentication is estimated to have been removed 2 days prior. The researchers confirmed that the data was coming from Bing’s mobile apps by performing a search themselves and seeing it appear in the data. They contacted Microsoft on September 13, and the information was passed to Microsoft’s Security Response Centre, which acted to resolve the problem a few days later.
The data leak has exposed a trove of data that Microsoft collects from users who use the Bing mobile apps. The data included:
✅ Search terms (excluding any searches in ‘private’ mode)
✅ GPS coordinates (if location permissions are enabled, with a ~500 metre accuracy)
✅ Date and time of the search
✅ Firebase notification tokens
✅ Coupon data
✅ Partial list of the URLs visited by the user from the search results
✅ Device model
✅ Operating system
✅ 3 unique identifiers, including:
⭕️ ADID: possibly an identifier for a Microsoft Account
⭕️ deviceID
⭕️ devicehash
None of the data was encrypted.
https://www.onmsft.com/news/microsoft-bing-data-leak
#Microsoft #Bing #mobile #app #dataleaks