Ata Hakcil, a cybersecurity specialist at WizCase, discovered that Microsoft employees mistakenly left one of the Bing backend servers open: it was accessible to anyone.
The researcher writes that the server stored about 6.5 TB of logs containing 13,000,000,000 entries received from the search engine. The specialist confirmed the source of the data very simply: in the logs he found his own search queries, which he had made in the Bing app for Android.
“While looking through the server, I found my information, including search queries, device details, and GPS coordinates, proving the exposed data comes directly from the Bing mobile app,” writes Ata Hakcil.
Hakcil writes that the server was accessible via the Internet from September 10 to September 16, 2020, and that after the specialist notified the Microsoft Security Response Center (MSRC) engineers about the problem, the server was again protected by a password.
ZDNet journalists received a comment from Microsoft representatives about the incident.
The company said that it fixed the misconfiguration immediately after receiving the notification from Hakcil, and emphasized that only a very limited amount of data leaked.
“We’ve fixed a misconfiguration that caused a small amount of search query data to be exposed. After analysis, we’ve established that the exposed data was limited and de-identified,” a Microsoft representative told ZDNet in an email last week.
The company even accommodated the publication and provided journalists with access to that very Elasticsearch server, so that they could see for themselves that there is no personal user data on the server and there never was.
ZDNet writes that the server really only contained technical details: search queries, information about the user’s system (device, OS, browser, etc.), geographic location information (if available), as well as various tokens, hashes, and coupon codes.
The server where the leak occurred was identified as an Elasticsearch system.
Elasticsearch servers are self-contained systems in which companies collect large amounts of data (billions of records) for easy searching and filtering.
Accidental data leaks have occurred quite frequently from Elasticsearch servers in recent years.
The reasons vary. They range from the human factor, such as administrators who forgot to set a password (remember that I wrote that users seldom change passwords even after data leaks), to the sudden failure of firewalls or VPN systems, which opens access to the company’s internal servers. Data leaks can also originate from test systems, which are not always as secure as the core infrastructure of companies.