Posted on September 24, 2020 at 3:37 AM
Hackers Expose Bing Mobile App Database with Terabytes of Data
Users of the Bing mobile app have been warned that their data may be at risk after hackers compromised the Bing mobile app server, with terabytes of data affected. The compromise affects both iPadOS and iOS Bing users.
The Bing search engine, owned by Microsoft, had been growing by 20000GB per day, and the server was handling more than 6.5 terabytes of data before the data exposure.
White hat hacking group and security researcher WizCase discovered the open server on September 12. The server had been protected until about two days before the discovery. The day after the discovery, Microsoft was informed, which prompted the company to secure the server on September 16.
Meow attack on the database
WizCase identified that some data had been stolen from the server and subsequently observed a “Meow” attack on the open database.
A Meow attack targets an unsecured, internet-exposed database and deletes large amounts of its data. In this case, the Meow attack wiped almost the entire database.
When the second wave of attack struck the server on September 14, about 100 million records had already been collected by bad actors.
Threat actors always relish the opportunity to attack a server, especially an open server with several terabytes of data.
This time, the hackers were able to exfiltrate the majority of the data found on the open server. The stolen data includes the exact time of each search, the device model used, users’ location coordinates, plain-text search terms, URLs visited within search results, coupon data for result terms, and Firebase notification tokens.
The hack can lead to future phishing attacks
The hackers, or any bad actor in possession of the database, can search it to locate specific users by location or query. This may lead to physical threats, phishing, blackmail, or fraud.
The WizCase researchers identified specific users who searched for weapons, child pornography, or where to attack specific groups of people.
“According to our scanner, the server was password protected until the first week of September. Our team discovered the leak on September 12th, approximately two days after the authentication was removed.”
WizCase said it alerted Microsoft to the unprotected database on September 13, and Microsoft added a password on September 16.
It appears the server was hit by a Meow attack, which searches for unsecured databases and wipes them clean. The researchers also revealed that some people searched for guns while other searchers were interested in shootings to ‘kill commies.’
“Anyone who has made a Bing search with the mobile app while the server has been exposed is at risk,” WizCase researchers said.
The team discovered that search terms, location data, and other information were also collected, but personal details like people’s addresses or their names were not included in the database.
Although the exposed coordinates are not precise, they give a rough indication of where the user was searching from, the researchers continued.
When pasted into Google Maps, they make it easier to trace a search back to the searcher.
The researchers also revealed that hackers can use search queries to blackmail users since some of the users were looking for information about guns and child pornography.
WizCase said that, as ethical hackers, it does not have the resources to identify the people searching for this content and hand them over to law enforcement authorities.
The leak shows how many dangerous people and predators are misusing search engines. Some of them are seriously looking for ways to find their next victims and subject them to inhumane treatment. With this database exposed, law enforcement agencies could use the information to help bring those people to justice.
WizCase also stated that the database was exposed to all types of scammers and hackers, which means users of the Bing mobile app may well face email phishing attacks in the future.