Security alert: 100 million search engine records revealed online

September 23, 2020

By Kim Komando

Admit it: All of us have items in our search history that we aren’t proud of. Whether you’re looking up obvious information that everyone should know or gross medical symptoms, there’s a reason we try to keep our search history private from others. It’s our personal business, after all.

Some are even willing to hide what they’ve searched for from Google to stop the search engine from giving them weird recommendations. Tap or click here to see how to delete what Google knows about you.

If you’ve ever been worried about someone seeing your search history, you might have a valid reason now. One of the web’s biggest search engines experienced a data leak of massive proportions — and some of the items uncovered were enough to shock hackers themselves. Here’s why.

Bing user records exposed in massive database leak

If you’ve ever searched the web using Bing, some hacker probably knows what you looked for. And if there’s anything there that’s questionable, blackmail might be the first thing on their mind.

Security researchers at Wizcase have discovered an unsecured database containing 100 million Bing user records from more than 70 countries. The database appears to be owned by Microsoft and was initially found with no password protecting its contents. A few days after discovery, the database was secured.

Strangely enough, the database did have a password from the start — but it appeared to have been removed by hackers as part of a cyberattack. Information found in the database included full search terms, account details and location data.

Specific names and addresses don’t appear to have been part of the leak, but the researchers fear that information could be cobbled together from location information and search terms.

The most concerning information found in the breach, however, was inside the search terms — and even white-hat hackers working with Wizcase were surprised. Apparently, some Bing users had been researching weapons to commit mass shootings along with child pornography. It’s just more proof that predators lurk among us even if we can’t see them.

The search information could be used to blackmail people — especially if they looked up adult search terms. This would be a form of sextortion scam if it happened. Tap or click here to see why sextortion scams are getting worse.

I use Bing. Am I at risk for cyberattacks?

Right now, the primary victims of this breach appear to be users of the Bing mobile app. If you search Bing without logging in or just use the website on your desktop computer, you might be safer than app users.

That said, it’s still worth checking to make sure that your information wasn’t included in the leak. Even if you don’t use the app, it never hurts to know your risk factor.

Here’s how you can look up your information and safeguard your accounts:

• Check HaveIBeenPwned to see if your data was found in the leak: You can use a security-checkup service like HaveIBeenPwned to see if your account email address was involved in any major data breaches. If your account was part of the leak, it’s time to change any passwords associated with that email address for any accounts that use it.
• Set up two-factor authentication: Activate 2FA on your accounts to give your data an extra bit of protection. Any login attempts will now require a text message code to work. This means that your physical smartphone is now required to log in. Plus, you’ll be alerted when someone attempts to log in to your account without your permission. Tap or click here to see how to set up 2FA for your favorite sites.
• Stronger passwords: Create stronger passwords for your accounts by combining letters (uppercase and lowercase), numbers and symbols. Make your passwords eight characters or longer, too. Try using a memorable phrase or song lyric and swapping letters for numbers.
  • example: “Take my hand, off to never-never land” becomes “T/Vho2nnL.” In this example, cases alternate, the “M” in “My” becomes two symbols and a letter, and the “to” becomes the number 2.
    
    Tap or click here to see how haveibeenpwned can check if you were part of a data breach.

In addition to the methods listed above, another option you can take advantage of is a secure password manager.

If you use different passwords for all your accounts, it’s tricky having to remember all of them. That’s why a password manager like our sponsor Roboform is so useful. Roboform saves your passwords using secure encryption and also suggests stronger ones that are much harder to crack or guess.

Save 50% on RoboForm Everywhere and manage your passwords with ease and security when you use discount code KIM50 at checkout!

And last but not least, it might be worth making the switch to a private search engine. Sites like DuckDuckGo do not save your session information and make using the web much less creepy. Tap or click here to see more about DuckDuckGo and other Google alternatives.