Microsoft suffered a cybersecurity issue earlier this month involving a Bing search engine server, in which the company’s IT employees accidentally left one of its backend servers exposed on the Internet.
According to the security researcher’s investigation, the server is believed to have exposed more than 6.5 terabytes of log files containing 13 billion records sourced from the Bing search engine.
The Wizcase researcher was able to verify his findings by finding, in the server logs, the search queries he had made in the Bing Android application.
Ata Hakçıl said: The server was exposed from September 10 to September 16, when it notified Microsoft’s Security Response Center (MSRC), and the server was locked again with a password.
Microsoft admitted the error, and a company spokesperson said: We fixed a configuration error that caused a small amount of search query data to be exposed, and decided after the analysis that the exposed data was limited and not specified.
The server did not reveal any personal information about users, such as names, but it did reveal technical details: search queries, details about the user’s system (device, operating system, browser, etc.), geographic location to within 500 meters, and many distinctive identifiers.
The researchers at Wizcase argued that search queries and sites could be linked to user identities, giving attackers information ready for use in extortion and phishing attacks.
The researchers said: The revealed coordinates are not accurate, but they still provide a relatively small perimeter of where the user is, and it may be possible to use them to track the owner of the phone again once they are copied into Google Maps.
The leaking server has been identified as an Elasticsearch system. Elasticsearch servers are high-grade systems in which companies collect large amounts of data so that billions of records can be easily searched and filtered.
Over the past four years, Elasticsearch servers have often been the source of numerous accidental data leaks.
The researchers recommend denying the Bing app location (GPS) permission and using a VPN when conducting searches.