Ata Hakcil, a cyber security specialist at WizCase, discovered that Microsoft employees had mistakenly left one of the Bing backend servers open: it was accessible to anyone.
The researcher writes that the server stored over 6.5 TB of logs containing 13,000,000,000 entries received from the search engine. The specialist tested his theory about the source of the data very simply: in the logs he found the search queries he had performed in the Bing app for Android.
“While looking through the server, I found my information, including search queries, device details, and GPS coordinates, proving the exposed data comes directly from the Bing mobile app,” writes Ata Hakcil.
Hakcil writes that the server was accessible via the Internet from September 10 to September 16, 2020, and that after he notified the Microsoft Security Response Center (MSRC) engineers about the problem, the server was again protected by a password.
ZDNet journalists received a comment from Microsoft representatives about the incident.
The company said that it fixed the misconfiguration immediately after receiving the notification from Hakcil, and emphasized that only a very limited amount of data had leaked.
“We’ve fixed a misconfiguration that caused a small amount of search query data to be exposed. After analysis, we’ve established that the exposed data was limited and de-identified,” a Microsoft representative told ZDNet in an email last week.
The company even accommodated the publication and gave its journalists access to that very Elasticsearch server, so that they could see for themselves that it held no personal user data at all.
ZDNet writes that the server really only contained technical details: search queries, information about the user’s system (device, OS, browser, etc.), geographic location information (if available), as well as various tokens, hashes, and coupon codes.
The server where the leak occurred was identified as an Elasticsearch system.
Elasticsearch servers are self-contained systems in which companies collect large amounts of data (billions of records) for easy searching and filtering.
Accidental data leaks have occurred quite frequently from Elasticsearch servers in recent years.
The causes vary. They range from human error, such as administrators who forgot to set a password (recall that I wrote that users seldom change passwords even after data leaks), to the sudden failure of firewalls or VPN systems, which leaves a company's internal servers open to access. Leaks can also originate from test systems, which are not always as secure as a company's core infrastructure.