The Wizcase security team discovered a Microsoft Bing data leak due to an unsecured server. The server was protected with a password until the first week of September, then it was removed. The team alerted Microsoft on September 13 and the company quickly secured it on September 16.
Microsoft Bing Data Leak
Here are some of the types of data included in the leak:
- Search terms, including the exact time the search was made
- Location coordinates
- Firebase notification tokens
- Coupon data
- A partial list of URLs people visited from search results
- Device Model and operating system
Wizcase reports that between September 10-12 the server was the target of a Meow attack that deleted nearly the whole database. A second Meow attack occurred on September 14.
Even though a user’s email address isn’t included in the exposed data, there is enough user data for the hacker to find a person’s identity. Once they have a name, address, and place of employment, getting an email address isn’t that difficult. As a general rule, never click on a link that doesn’t come from a trusted source.