Expert Commentary: Unsecured Microsoft Bing Server Exposed Users’ Search Queries And Location

It was recently revealed that a back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The data leak, discovered by WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. According to WizCase, the Elastic server is believed to have been password protected until September 10, after which the authentication seems to have been inadvertently removed.

Chris DeRamus, VP of Technology Cloud Security Practice
InfoSec Expert
September 24, 2020 4:12 pm

When a breach like this occurs, an unsecured server is almost always the reason – especially an Elasticsearch server, which accounted for 44% of all records exposed in 2018 and 2019 due to cloud misconfigurations, and was also the most common database breached across all platforms (20%). In this instance, the password protection was removed, thereby allowing anyone who came across this database complete access. The software-defined nature of the cloud leads to frequent changes and it is important that organizations implement a continuous and automated cloud security strategy in order to detect and remediate threats such as misconfigurations and compliance violations in real-time. This incident exemplifies the importance of automating remediation processes to prevent unintended gaps in security.

Automated cloud security solutions can grant organizations the ability to detect misconfigurations and alert the appropriate personnel to correct the issue, or even trigger automated remediation in real-time, so that databases and other assets never have the opportunity to be exposed, even temporarily. For businesses looking to solidify their security measures, automation is the simplest and most effective way to protect sensitive data.

Last edited 1 year ago by Chris DeRamus
Information Security Buzz