CYBER BREACH: Unsecured Server Exposes Bing Mobile App Data
By Chase Williams via GEO´ PRChannel
Google Indexed at 08:26 on 220920
The WizCase online security team, led by white hat hacker Ata Hakcil, uncovered a massive data leak in a server owned by Microsoft logging data related to its Bing mobile app, available in both Google Play and App Store.
After the investigation led to the Microsoft Bing App, Hakcil confirmed his findings by downloading the app and running a search for “Wizcase.” While looking through the server, he found his information, including search queries, device details, and GPS coordinates, proving the exposed data comes directly from the Bing mobile app.
Hakcil and his team discovered a 6.5TB server and saw it was growing by as much as 200GB per day. Based on the sheer amount of data, it is safe to speculate that anyone who has made a Bing search with the mobile app while the server has been exposed is at risk. We saw records of people searching from more than 70 countries.
According to our scanner, the server was password protected until the first week of September.
Our team discovered the leak on September 12th, approximately two days after the authentication
After Hakcil confirmed the database belonged to the Bing app, the team alerted Microsoft on September 13th. They quickly responded to our message. We then reported the data leak to the MSRC – Microsoft Security Response Center and they secured it a few days later, on September 16th.
From what we saw, between September 10th – 12th, the server was targeted by a Meow attack that
deleted nearly the entire database. When we discovered the server on the 12th, 100 million records had been collected since the attack. There was a second Meow attack on the server on September 14.
In addition to the Meow hackers, this data was exposed to all types of hackers and scammers.
This could lead to a variety of attacks against users of the Bing mobile app.