Home / Early Warning / Cybersecurity Highlights / Leaked Bing search data through an Elasticsearch server

Leaked Bing search data through an Elasticsearch server

09/21/2020

Ata Hakcil, a security researcher at WizCas, discovered an information leak in Microsoft's Bing search service. Through a misconfigured Elasticsearch server, 6.5TB of information from searches made with the Bing mobile application was leaked.

The server, which is estimated to grow about 200GB a day, contains records of people who have searched in more than 70 countries. As provided by the research, among the exposed data are search terms, location coordinates, search date, operating system, device model, etc.

The WizCas team of researchers alerted the MSRC (Microsoft Security Response Center) and they immediately secured the exposed Elasticsearch server.

Microsoft sent the ZDNet news portal a statement from its spokesperson in which it clarified that the configuration failure was fixed and that, after analysis, it was determined that the exposed data was limited and not identified.