If there is one thing we have learned in the last couple of years, it is that data leaks are here to stay no matter how many resources apps and services put into security products. And sure enough, a massive data leak has taken place.
This data leak is particularly important because the database that leaked the data belongs to the Bing mobile app (from Microsoft). And because of the number of users that use the Bing mobile app, more than 100 million Bing users will now have their online records exposed.
As for the cyber attack itself, various security experts have confirmed that the attack was a Meow attack. Meow is a new kind of attack where hackers are able to scrap unsecured databases with search queries and location information. Once they have that, they can use them for launching blackmail cyber attacks, among which the most prominent one is the phishing attack.
Research teams have also discovered various explicit search terms such as child pornography and various gun-related ones. Some search results referred to terms such as ‘kill commies’.
WizCase researchers mentioned to reporters that anyone who had used the Bing mobile app to make a search during the period in which hackers had compromised the mentioned servers was at risk.
They also mentioned that hackers must have been able to collect enough exposed data that a sufficiently skilled individual could identify users using their location and search queries.
This type of exposed data attracts a high price on the black market, where scammers and other cybercriminals are able to launch ransomware attacks against compromised individuals.
In terms of numbers, over 10 million users have downloaded the official Bing Mobile app on the Android platform via Google Play Store. This should translate to millions of online searches and hence petabytes of data.
But that’s not all. Anyone who had given the Bing mobile app permission to use his/her location data would have also had that exposed.
Researchers did mention that the exposed location data did not give precise locations of the user in the past but it did come close (within 500 meters). Let’s not forget that hackers can easily input any given location data into Google Maps and then trace the location back to the phone owner.
As far as the names of the Bing users are concerned, they have not been exposed. Anyone who used the Bing search engine in private mode did not get that session’s data exposed.
Researchers also warned that cybercriminals could use the location data to not only launch robberies and physical attacks against exposed users but also know the details of their daily routines.
They may even know if the user is carrying something valuable with them or the amount of cash. Hackers can know all of this by just studying the search query history of a given person.
Researchers said that a hacker could know if an exposed person had searched for the location of a store that sold an expensive item, or the directions to such a store, and then intercept the person and steal his/her money.
The only positive to come out of this data leak is that the unsecured database did not have the exact addresses of people who had used the Bing mobile app for searching online. As mentioned before, the database did give hackers location data correct to within 500 m.
Security researchers working at WizCase also said that, as ethical hackers, they did not spend resources to identify people who had compromised the database and hand them over to law enforcement agencies.
The discovery did reveal though that there are many sick-minded people using search engines to mark their victims. The leak also showed the websites they visited for their nefarious purposes.
Whatever the case may be, Bing mobile app users who have used the search engine for anything since the date of the data leak should exercise extreme caution while going about their business in the online world.
At moments like these, it is always advisable to change all sensitive passwords and review one’s account activity with the services in question. In this case, that seems to be Bing and by extension Microsoft.