Microsoft suffered from a cybersecurity data incident earlier this September after an IT employee reportedly left one of the backend servers of the Bing mobile app unsecured, reports ZD Net. The database exposed online revealed users’ location data and search queries.
The misconfigured server was discovered by a team of security researchers at WizCase, with the research led by Ata Hakcil. ZD Net states the findings by WizCase were first exclusively shared with them by the researchers.
Researchers call the incident a “Meow attack.” According to ThreatPost, a Meow attack is a type of attack that refers to ongoing attacks that started sometime in July. This type of attack has resulted in more than 1,000 unsecured servers that were permanently deleted.
Based on the findings of the WizCase researchers, the incident occurred “between September 10th – 12th, the server was targeted by Meow attack that deleted nearly the entire database. When we discovered the server on the 12th, 100 million records had been collected since the attack. There was a second Meow attack on the server on September 14.”
Among the information made vulnerable to the public include more than 13 billion user records revealing search queries and location coordinates. In total, the server was said to contain more than 6.5 terabytes of log files.
Besides search queries and location coordinates, WizCase reports that the Bing user data revealed an alarming amount of information directly exposed from the Bing mobile app. These include the exact time the search query was executed, Firebase Notification Tokens, and the device type or model.
Furthermore, the breach also provided insight regarding the users’ operating system, coupon data such as timestamps, and three different ID numbers assigned to each user, such as the deviceID, devicehash, and the ADID which is unique for each Microsoft account user notes WizCase.
The security researchers behind WizCase found predators and bad actors using the server to search for sexual abuse images and child pornography, with succeeding websites visited and opened after such queries.
The team also found “worrisome” searches related to guns, shooting incidents, and gun-relating shopping, and search terms such as “kill commies.”
After its discovery, the security research team reached out to Microsoft, with the tech giant admitting to its mistake. In an email to ZD Net, Microsoft has since issued a patch for the exposed server, saying “We’ve fixed a misconfiguration that caused a small amount of search query data to be exposed. After analysis, we’ve determined that the exposed data was limited and de-identified.”
Despite the amount of exposed information, ZD Net states that there is no personal user information exposed or compromised as a result of the incident.
