September 21, 2020 By Lindsey O'Donnell
Data exposed included search terms, location coordinates, and device information – but no personal data.
An unsecured database has exposed sensitive data for users of Microsoft’s Bing search engine mobile application – including their location coordinates, search terms in clear text and more.
While no personal information, like names, were exposed, researchers with Wizcase argued that enough data was available that it would be possible to link these search queries and locations to user identities — giving bad actors information ripe for blackmail attacks, phishing scams and more.
The data was related to the mobile-app version of Microsoft Bing, housed in a 6.5 terabyte (TB) server owned by Microsoft. Researchers believe the server was password-protected until Sept. 10, two days before they uncovered the issue on Sept. 12. Microsoft was alerted to the exposed data on Sept. 13, and secured the server on Sept. 16.
