The exposure does not come as good use for Microsoft, which is a company that places an important emphasis upon cybersecurity measures. Bing is Microsoft’s search engine; although widely used it has less coverage than Google.
With the incident, involving data losses, the leak was discovered by WizCase. The loss represents is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. The server was said to be growing by as much as 200GB per day while exposed, according to Ata Hakcil, a white hat hacker (as noted by website IT Pro)..
According to WizCase, the Elastic server is believed to have been password protected until September 10, 2020. After this time the authentication seems to have been inadvertently removed, leading to the data exposure.
According to Tech Crunch, the exposed data extends to search terms in clear text, the exact time searchers were executed, location coordinates, Firebase Notification Tokens, coupon data, and a partial list of the URLs users visited from the search results. This is all key data that could be misused by cyber-criminals.
Commenting on the incident for Digital Journal, Chris DeRamus, VP of Technology, Cloud Security Practice, Rapid7 says that “when a breach like this occurs, an unsecured server is almost always the reason – especially an Elasticsearch server, which accounted for 44 percent of all records exposed in 2018 and 2019 due to cloud misconfigurations, and was also the most common database breached across all platforms.”
DeRamus clarifies further: “In this instance, the password protection was removed, thereby allowing anyone who came across this database complete access. The software-defined nature of the cloud leads to frequent changes and it is important that organizations implement a continuous and automated cloud security strategy in order to detect and remediate threats such as misconfigurations and compliance violations in real-time. This incident exemplifies the importance of automating remediation processes to prevent unintended gaps in security.”
In terms of appropriate actions to take, DeRamus notes: “Automated cloud security solutions can grant organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real-time, so that databases and other assets never have the opportunity to be exposed, even temporarily. For businesses looking to solidify their security measures, automation is the simplest and most effective way to protect sensitive data.”
