Bing mobile app database left open to hackers, millions of user data sets compromised

Bing mobile app users on every platform, including iOS and iPadOS, are at risk after terabytes of user information were stolen from an open server.

Bing mobile app leaked millions of users' data

Bing is the search engine owned by Microsoft, and data related to its mobile app for iOS and Android has been found on an open server. The server held over 6.5TB of data and was growing by 200GB per day upon discovery.

The white hat hacker group WizCase discovered the open server on September 12, which had been secure until September 10 according to the group. Microsoft was alerted on September 13 after the server owner was discovered. The open server was secured by the Microsoft Security Response Center on September 16.

WizCase was able to identify an exfiltration of the data, and a subsequent "Meow" attack on the data during the open window. A Meow attack is an automated attack on an open server which aims to delete a large portion or all of the data on the server. This Meow attack deleted nearly the entire database.

Nearly 100 million records had been collected by bad actors by the time a second Meow attack hit the server on September 14. Many types of hackers had access to the data while the server was open, so much or all of the data could have been collected.

What does this mean for users?

An open server filled with terabytes of user data is a treasure trove for bad-acting hackers. The data on the server included the following:
  • Plain-text search terms
  • Location coordinates of users with location enabled
  • Exact time of search
  • Firebase notification tokens
  • Coupon data for result terms
  • A partial list of URLs visited within search results
  • Device model
  • deviceID, devicehash, and ADID for the user's device
This database can be searched to locate specific users based on queries or locations, which can lead to fraud, blackmail, phishing, or physical threat. The team at WizCase were able to identify specific users who had searched for child pornography, weapons, or where to attack specific groups of people.

Anyone could have downloaded the contents of the server during the six-day window. Internet-based assailants could target anyone who used the mobile app and whose data is present on this server. To protect yourself, do not open strange emails, and use alternative search engines like DuckDuckGo, which does not collect user data.

Comments

  • Reply 1 of 13
    Beats Posts: 2,633 member
    Oh no! The personal data that was to be used by Microsoft only is available to hackers now! Bad BAD hackers!!
  • Reply 2 of 13
    Rayz2016 Posts: 6,957 member
    … a disturbance in the force, as though a million lawyers climaxed at once then reached for their Rolodexes …
    edited September 2020
  • Reply 3 of 13
    sflocal Posts: 5,816 member
    It just goes to show how irresponsible humans are.  Nothing will become of this. It’s like Android.  Everyone knows there’s no real security so it’s accepted.
  • Reply 4 of 13
    Wait... “millions” of people still use Bing? Why?
  • Reply 5 of 13
    Beats Posts: 2,633 member
    Wait... “millions” of people still use Bing? Why?

    Because it's safer than Google sadly.
  • Reply 6 of 13
    Wait... “millions” of people still use Bing? Why?
    Who knew that Bing even had a "mobile app" for iOS?
  • Reply 7 of 13
    Remember not so long ago, Microsoft said it would secure the data of US citizens using the TikTok app. 
  • Reply 8 of 13
    Sad that technical searches from Google return more accuracy on Microsoft URLs than their own Bing ... Windows 10 and the Bong bar EPIC FAIL
  • Reply 9 of 13
    Wait... “millions” of people still use Bing? Why?
    "searched for child pornography, weapons, or where to attack specific groups of people."

    Obviously!

     :/ 
  • Reply 10 of 13
    Beats said:
    Wait... “millions” of people still use Bing? Why?

    Because it's safer than Google sadly.
    Bing ... is not safer than Google. They have the same business model regarding search, data and ads that Google does. Lots of web companies do ... just about everyone in fact. Google wasn't even the first. It is just that thanks to Snowden and then the 2016 election, Google is everyone's scapegoat, along with Facebook. 

    The reason why people use Bing ... tons of Microsoft loyalists DO exist you know. Those people are why Surface devices not only exist but generally meet their sales goals. So if you are totally invested in the Microsoft ecosystem then Edge is going to be your browser and you are not going to change the default search engine from Bing to Google (the Microsoft loyalists hate Google as much as the Apple ones do). 

    So as far as search engines go, "safer than Google" is basically GoDuckGo. Everyone else collects data and sells it for targeted ads just like Google does. Because ... how else are these companies going to make money? Exactly. 
  • Reply 11 of 13
    Wait... “millions” of people still use Bing? Why?
    Who knew that Bing even had a "mobile app" for iOS?
    Yeah, some people know about it. I’ve used it on iOS for about 4 years now. They also have it for Android as well.
    edited September 2020
  • Reply 12 of 13
    Wait... “millions” of people still use Bing? Why?
    Probably because they like it?
  • Reply 13 of 13
    M68000 said:
    Wait... “millions” of people still use Bing? Why?
    Probably because they like it?
    Probably they’re all good enough. 