Bing unsecured backend server exposed mobile users' devices, searches, and location
Microsoft's search engine competing with the likes of Google is currently not the best choice for privacy-minded mobile device users, as its Android and iOS app both use an unsecure server to process queries that is potentially leaking personally identifiable information.
• Search Terms in clear text (excluding the ones entered in private mode)
• Location Coordinates
• Exact time the search was executed
• URLs the users visited from the search results
• Phone or Tablet model and operating system
• 3 separate unique ID numbers assigned to each user
During the course of their investigation, the WizCase team discovered predators searching for child pornography (both search terms and the URLs clicked), weapons and disturbing murder-related search terms, and more across the 6.5 terabyte server that accumulated as much as 200 gigabytes of data daily. Bad actors and unethical hackers could easily use this information for blackmail, phishing, or even physical attacks like robbery.
If you're using Microsoft Bing on your Android or iOS smart device, consider changing to an alternative such as DuckDuckGo that's also available in mobile app form and is much more conscious of your privacy and managing your search data.
- Free • Proprietary
- Windows S
- Windows Phone
- Blackberry 10