Unsecured Microsoft Bing server exposed search queries (Includes interview)

The exposure does not come as good news for Microsoft, a company that places an important emphasis upon cybersecurity measures. Bing is Microsoft’s search engine; although widely used, it has less coverage than Google.

The incident, which involves data losses, was discovered by WizCase. The loss is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. The server was said to be growing by as much as 200GB per day while exposed, according to Ata Hakcil, a white hat hacker (as noted by website IT Pro).

According to WizCase, the Elastic server is believed to have been password protected until September 10, 2020. After this time the authentication seems to have been inadvertently removed, leading to the data exposure.

According to TechCrunch, the exposed data extends to search terms in clear text, the exact time searches were executed, location coordinates, Firebase Notification Tokens, coupon data, and a partial list of the URLs users visited from the search results. This is all key data that could be misused by cybercriminals.

Commenting on the incident for Digital Journal, Chris DeRamus, VP of Technology, Cloud Security Practice, Rapid7 says that “when a breach like this occurs, an unsecured server is almost always the reason – especially an Elasticsearch server, which accounted for 44 percent of all records exposed in 2018 and 2019 due to cloud misconfigurations, and was also the most common database breached across all platforms.”

DeRamus clarifies further: “In this instance, the password protection was removed, thereby allowing anyone who came across this database complete access. The software-defined nature of the cloud leads to frequent changes and it is important that organizations implement a continuous and automated cloud security strategy in order to detect and remediate threats such as misconfigurations and compliance violations in real-time. This incident exemplifies the importance of automating remediation processes to prevent unintended gaps in security.”

In terms of appropriate actions to take, DeRamus notes: “Automated cloud security solutions can grant organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real-time, so that databases and other assets never have the opportunity to be exposed, even temporarily. For businesses looking to solidify their security measures, automation is the simplest and most effective way to protect sensitive data.”

Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.
