Bing Data Leak Exposes Search Queries, Location Data, More

The Wizcase security team discovered a Microsoft Bing data leak due to an unsecured server. The server was password protected until the first week of September, then it was removed. The team notified Microsoft on September 13, and the company quickly insured it on September 16.

Microsoft Bing data loss

Here are some of the types of data included in the leak:

  • Search terms, including the exact time the search was performed
  • Position coordinates
  • Firebase notification token
  • Coupon data
  • A partial list of URLs people visited from search results
  • Device model and operating system

Wizcase reports that between 10 and 12 September the server was the target of a Meow attack that wiped almost the entire database. A second Meow attack occurred on September 14.

Even if a user’s email address is not included in the exposed data, there is enough user data for the hacker to find a person’s identity. Once they have a name, address, and place of work, getting an email address isn’t that hard. As a general rule, never click on a link that is not from a trusted source.