According to the security researcher's investigation, the server is believed to have held more than 6.5 terabytes of log files containing 13 billion records sourced from the Bing search engine.
The Wizcase researcher was able to verify his findings by identifying, in the server logs, the search queries he had made in the Bing Android application.
Ata Hakçıl said: The server was exposed from September 10 to September 16, when it notified Microsoft’s Security Response Center (MSRC), and the server was locked again with a password.
Microsoft admitted the error, and a company spokesman said: We fixed a configuration error that caused a small amount of search query data to be exposed, and decided after the analysis that the exposed data was limited and not specified.
The server did not reveal any personal information of the user, such as names, but rather revealed technical details, such as search queries, details about the user's system (device, operating system, browser, etc.), geolocation details within 500 meters, and many distinctive icons.
Wizcase researchers argued that search queries and websites could have been linked to user identities, giving attackers information ready for extortion and phishing attacks.
The researchers said: The revealed coordinates are not accurate, but they still provide a relatively small perimeter of where the user is, and it may be possible to use them to track the owner of the phone again once it is copied to Google Maps.
The leaked server has been identified as an Elasticsearch system. Elasticsearch servers are high-quality systems that companies use to collect large amounts of data and to easily search and filter through billions of records.
Over the past four years, Elasticsearch servers have often been the source of accidental data leaks. The researchers recommend denying the Bing app permission to access GPS location and using a VPN when performing searches.