Expert Commentary: Unsecured Microsoft Bing Server Exposed Users’ Search Queries And Location

It was recently revealed that a back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The data leak, discovered by WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. According to WizCase, the Elastic server is believed to have been password protected until September 10, after which the authentication seems to have been inadvertently removed.


EXPERTS COMMENTS
Chris DeRamus , VP of Technology Cloud Security Practice,  Rapid7
September 24, 2020
For businesses looking to solidify their security measures, automation is the simplest and most effective way to protect sensitive data.
When a breach like this occurs, an unsecured server is almost always the reason - especially an Elasticsearch server, which accounted for 44% of all records exposed in 2018 and 2019 due to cloud misconfigurations, and was also the most common database breached across all platforms (20%). In this instance, the password protection was removed, thereby allowing anyone who came across this database co ....
[Read More >>]

If you are an expert on this topic:

Submit Your Expert Comments


In this article