The Wizcase security team discovered a Microsoft Bing data leak due to an unsecured server. The server was protected with a password until the first week of September, then it was removed. The team alerted Microsoft on September 13 and the company quickly secured it on September 16.
Microsoft Bing Data Leak
Here are some of the types of data included in the leak:
- Search terms, including the exact time the search was made
- Location coordinates
- Firebase notification tokens
- Coupon data
- A partial list of URLs people visited from search results
- Device Model and operating system
Wizcase reports that between September 10-12 the server was the target of a Meow attack that deleted nearly the whole database. A second Meow attack occurred on September 14.
Even though a userās email address isnāt included in the exposed data, there is enough user data for the hacker to find a personās identity. Once they have a name, address, and place of employment, getting an email address isnāt that difficult. As a general rule, never click on a link that doesnāt come from a trusted source.
