If you’ve used Bing on your mobile phone to search for sensitive information, you may need to reconsider doing so from now on. A huge leak from the Bing app allows a hacker to see everything a user searches for.
What Happened With the Bing App?
This flaw was discovered by the security firm, WizCase. The team was led by a white-hat hacker called Ata Hakcil, who discovered an insecure data server owned by Microsoft.
The server held 6.5TB of data and grew by 200GB every day. When the team inspected what was in the server, they found a vast database of logs of searches made via the official Bing app. It doesn’t appear that searches made via the Bing website were present.
The team discovered that the server had been password protected in the past; however, it lost its password in the first week of September 2020. Hackers had found the server before WizCase, launching a Meow attack between September 10-12, which threatened to destroy the entire database.
However, the Meow attack didn’t entirely erase everything. Once WizCase arrived at the scene on September 12, the team noted that hackers collected than 100 million search records.
The server recorded the following data:
Search Terms in clear text, excluding the ones entered in private modeLocation Coordinates: If the location permission is enabled on the app, a precise location, within 500 meters, was included in the data set.While the coordinates exposed aren’t precise, they still give a relatively small perimeter of where the user is located. By simply copying them on Google Maps, it could be possible to use them to trace back to the owner of the phone.The exact time the search was executed.
The data also contained what device the user searched with and the operating system used to perform the search.
What Can Hackers Do With This Data?
Unfortunately, the sheer amount of data leaked from the database does give hackers enough information to launch attacks on Bing users. The location coordinates, combined with the search terms, may provide hackers with information that’s used to steal your identity.
A hacker can use the search terms, coordinates, and device to work out who sent the query. The hacker can then create a personal profile with which they can pretend to be that person and commit identity fraud.
If the hacker finds a scandalous search term, they can use it to blackmail the victim. They may also create a phishing scam using the companies or interests that the user searched for.
A hacker may even use this data to launch a physical theft on the user. If the user searches Bing while at home, it tips off the hacker to where they live. The hacker can then use the search times and terms to work out when the victim’s home will be empty, then burgle it.
Keeping Your Privacy Safe With Search Engines
With this recent leak, Bing users need to be aware that their data may now be in malicious hands. It’s now more important than ever to use a search engine that respects user privacy and doesn’t log your searches.
If you’re (rightfully) wanting to swap away to a more secure search engine, don’t worry. There are plenty of private search engines that respect your information, such as DuckDuckGo and StartPage.
Image Credit: BEST-BACKGROUNDS/Shutterstock.com