{"id":2762,"date":"2023-03-30T06:51:31","date_gmt":"2023-03-30T06:51:31","guid":{"rendered":"https:\/\/secry.me\/explore\/?p=2762"},"modified":"2023-10-03T11:44:46","modified_gmt":"2023-10-03T11:44:46","slug":"bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover","status":"publish","type":"post","link":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/","title":{"rendered":"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover"},"content":{"rendered":"<p>Bing Hacked: <a href=\"https:\/\/www.wiz.io\/blog\/\">Wiz Research<\/a>, a cybersecurity firm, recently uncovered a significant vulnerability in <strong>Azure Active Directory (AAD)<\/strong> that resulted in unauthorized access to multiple Microsoft applications including <a href=\"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\">bing.com 
hacked<\/a>.<\/p>\n<p>This misconfiguration in AAD has raised concerns about the security of cloud-based identity providers, particularly with popular services like Azure App Services and Azure Functions. The research conducted by Wiz Research revealed that approximately 25% of multi-tenant applications were vulnerable to this attack vector.<\/p>\n<p>The discovery of this vulnerability has far-reaching implications, as it allowed <strong>unauthorized modification of search results<\/strong> on Bing.com, a widely used search engine.<\/p>\n<p><iframe loading=\"lazy\" title=\"The #BingBang - a Bing.com vulnerability discovered by Wiz Research\" width=\"696\" height=\"392\" src=\"https:\/\/www.youtube.com\/embed\/hctqRgQW4IU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen><\/iframe><\/p>\n<p>&nbsp;<\/p>\n<p>Not only could the attackers manipulate search results, but they could also launch <strong>cross-site scripting<\/strong> <strong>(XSS)<\/strong> attacks on Bing users, potentially compromising their personal data, including Outlook emails and SharePoint documents.<\/p>\n<figure id=\"attachment_2771\" aria-describedby=\"caption-attachment-2771\" style=\"width: 696px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" td-modal-image wp-image-2771 size-large\" src=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-1024x558.webp\" alt=\"Successful Theft of Office 365 User Data Demonstration\" width=\"696\" height=\"379\" srcset=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-1024x558.webp 1024w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-300x163.webp 300w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-768x418.webp 768w, 
https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-1536x837.webp 1536w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-150x82.webp 150w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-696x379.webp 696w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored-1068x582.webp 1068w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097475-10-xss_victim_censored.webp 1920w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><figcaption id=\"caption-attachment-2771\" class=\"wp-caption-text\">Successful Theft of Office 365 User Data Demonstration, source: https:\/\/www.wiz.io\/blog\/azure-active-directory-bing-misconfiguration<\/figcaption><\/figure>\n<p>The Wiz Research team promptly reported their findings to the Microsoft Security Response Center (MSRC), which took immediate action to fix the vulnerable applications.<\/p>\n<p>Microsoft also updated its customer guidance and patched certain AAD functionalities to minimize the risk of further exposure. In recognition of their valuable contribution, Microsoft awarded Wiz Research a bug bounty of <strong>$40,000<\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<h3>A Closer Look at Azure Active Directory (AAD) Misconfigurations<\/h3>\n<p>Azure Active Directory (AAD) is Microsoft&#8217;s Single Sign-On (SSO) service, commonly used for authentication in Azure App Services and Azure Functions. 
The misconfigurations in AAD predominantly occur in multi-tenant applications, where the responsibility for validating user identities and implementing appropriate access controls becomes ambiguous.<\/p>\n<p>In the case of Azure App Services and Azure Functions, the lack of clarity regarding validation responsibilities often leads to misconfigurations.<\/p>\n<p>Wiz Research&#8217;s scans of the internet revealed that a significant number of multi-tenant apps suffered from authentication bypass vulnerabilities. This indicates a widespread lack of understanding among developers about the importance of validating end-users&#8217; tokens, resulting in these misconfigurations.<\/p>\n<p>&nbsp;<\/p>\n<h3>The Case Study: Compromising Bing.com Search Result and Office 365 Data<\/h3>\n<ol>\n<li>Part 1 &#8211; Reconnaissance:<br \/>\nWiz Research conducted scans on Azure App Services and Azure Functions, ultimately focusing on Microsoft&#8217;s own tenant. They discovered the Bing Trivia application (bingtrivia.azurewebsites.net), which allowed unauthorized access. 
This application served as a content management system (CMS) for Bing.com, enabling the manipulation of search results and launching of XSS attacks.<\/li>\n<li>Part 2 &#8211; Altering search results and homepage background:\n<figure id=\"attachment_2772\" aria-describedby=\"caption-attachment-2772\" style=\"width: 696px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" td-modal-image wp-image-2772 size-large\" src=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-1024x276.webp\" alt=\"Change background image of Bing.com Homepage\" width=\"696\" height=\"188\" srcset=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-1024x276.webp 1024w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-300x81.webp 300w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-768x207.webp 768w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-1536x414.webp 1536w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-150x40.webp 150w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-696x188.webp 696w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras-1068x288.webp 1068w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097282-4-bingtrivia_zebras.webp 1784w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><figcaption id=\"caption-attachment-2772\" class=\"wp-caption-text\">Change background image of Bing.com Homepage, source: https:\/\/www.wiz.io\/blog\/azure-active-directory-bing-misconfiguration<\/figcaption><\/figure>\n<p>Wiz Research tested their control over Bing&#8217;s search results by modifying a carousel section within the CMS, which contained a table featuring search result suggestions displayed on Bing 
search engine. It also highlighted quizzes and background images that were showcased on the Bing.com homepage on the same day. To their surprise, the changes they made were immediately reflected on Bing.com. After confirming their ability to manipulate search results, they promptly reported their findings to Microsoft.<\/li>\n<li>Part 3 &#8211; Attacking Bing users:<br \/>\nInvestigating further, Wiz Research discovered that an XSS payload could be used to obtain valid tokens from Bing users, potentially granting access to their Office 365 data. This included Outlook emails, calendars, Teams messages, SharePoint documents, and OneDrive files. The potential impact on millions of users&#8217; sensitive data was significant.<\/li>\n<\/ol>\n<figure id=\"attachment_2769\" aria-describedby=\"caption-attachment-2769\" style=\"width: 696px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\" td-modal-image wp-image-2769 size-large\" src=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-1024x198.webp\" alt=\"XSS script to steal Office 365 user data via business.bing.com\" width=\"696\" height=\"135\" srcset=\"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-1024x198.webp 1024w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-300x58.webp 300w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-768x148.webp 768w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-1536x296.webp 1536w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-2048x395.webp 2048w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-150x29.webp 150w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-696x134.webp 696w, 
https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-1068x206.webp 1068w, https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/1680097443-9-xss_payload-1920x371.webp 1920w\" sizes=\"auto, (max-width: 696px) 100vw, 696px\" \/><figcaption id=\"caption-attachment-2769\" class=\"wp-caption-text\">XSS script to steal Office 365 user data via business.bing.com. source: https:\/\/www.wiz.io\/blog\/azure-active-directory-bing-misconfiguration<\/figcaption><\/figure>\n<p>&nbsp;<\/p>\n<h3>Additional Vulnerable Microsoft Applications<\/h3>\n<p>In addition to the Bing Trivia app, Wiz Research identified several other internal Microsoft applications that suffered from similar misconfigurations, putting them at risk of unauthorized access:<\/p>\n<ul>\n<li>Mag News: A control panel for the MSN Newsletter, enabling the sending of arbitrary emails to a vast audience from a trusted Microsoft email.<\/li>\n<li>CNS API: An API for Microsoft&#8217;s Central Notification Service, allowing the reading and sending of internal notifications to Microsoft developers.<\/li>\n<li>Contact Center: An API for Microsoft&#8217;s Contact Center, managing call center agents for customer representatives.<\/li>\n<li>PoliCheck: An internal Microsoft application used for political ad verification, which could be manipulated to display false or misleading information.<\/li>\n<li>MSRC Portal: The Microsoft Security Response Center portal, which handles the reporting and tracking of security vulnerabilities in Microsoft products. Unauthorized access to this portal could have severe consequences, including the ability to exploit undisclosed vulnerabilities.<\/li>\n<\/ul>\n<p>Following the disclosure of these vulnerabilities, Microsoft has taken immediate action to fix the affected applications and reinforce security measures. 
They have also conducted internal investigations to identify any unauthorized access and mitigate the potential impact on user data, and rewarded Wiz Research with $40,000.<\/p>\n<p>&nbsp;<\/p>\n<h3>Customer Remediation Guidelines<\/h3>\n<p>To ensure the security of Azure Active Directory (AAD) in organizations, it is crucial to address potential vulnerabilities in multi-tenant applications. Administrators can perform a query on AAD service principals and utilize either the Azure Portal or Azure CLI to identify applications that may lack sufficient authorization checks. The recommended remediation actions involve either migrating to single-tenant authentication or implementing claims-based authorization logic tailored to the specific requirements of the application.<\/p>\n<p>The discovery of these misconfigurations serves as a reminder for organizations to prioritize the proper configuration and implementation of security measures when adopting cloud-based identity providers like Azure Active Directory.<\/p>\n<p>Furthermore, it underscores the significance of conducting regular security assessments and vulnerability testing to proactively identify and address any weaknesses in both applications and infrastructure. 
By adhering to these guidelines, organizations can bolster their overall security posture and safeguard their data effectively.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bing Hacked: Wiz Research, a cybersecurity firm, recently uncovered a significant vulnerability in Azure Active Directory (AAD) that resulted in unauthorized access to multiple Microsoft applications including bing.com hacked. This misconfiguration in AAD has raised concerns about the security of cloud-based identity providers, particularly with popular services like Azure App Services and Azure Functions. 
The [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2775,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[194,131],"tags":[223,220,221,222,224,225],"class_list":{"0":"post-2762","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security","8":"category-news","9":"tag-azure-active-directory-missconfiguration","10":"tag-bing","11":"tag-bing-hacked","12":"tag-bing-trivia","13":"tag-bing-com","14":"tag-search-result"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.4 (Yoast SEO v27.5) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover | SECRY<\/title>\n<meta name=\"description\" content=\"Bing Hacked: Wiz Research, a cybersecurity firm, recently uncovered a significant vulnerability in Azure Active Directory (AAD) that resulted in\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover | SECRY\" \/>\n<meta property=\"og:description\" content=\"Bing Hacked: Wiz Research, a cybersecurity firm, recently uncovered a significant vulnerability in Azure Active Directory (AAD) that resulted in\" \/>\n<meta property=\"og:url\" 
content=\"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/\" \/>\n<meta property=\"og:site_name\" content=\"SECRY\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/secry.me\" \/>\n<meta property=\"article:published_time\" content=\"2023-03-30T06:51:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-10-03T11:44:46+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/07\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"720\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/\"},\"author\":{\"name\":\"Christin\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/acc5b116f6d4870e1ecd6928630104f5\"},\"headline\":\"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover\",\"datePublished\":\"2023-03-30T06:51:31+00:00\",\"dateModified\":\"2023-10-03T11:44:46+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/\"},\"wordCount\":940,\"commentCount\":9,\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png\",\"keywords\":[\"Azure Active Directory Missconfiguration\",\"Bing\",\"Bing Hacked\",\"Bing Trivia\",\"Bing.com\",\"Search Result\"],\"articleSection\":[\"Cyber Security\",\"Hacker 
News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/\",\"name\":\"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover | SECRY\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png\",\"datePublished\":\"2023-03-30T06:51:31+00:00\",\"dateModified\":\"2023-10-03T11:44:46+00:00\",\"description\":\"Bing Hacked: Wiz Research, a cybersecurity firm, recently uncovered a significant vulnerability in Azure Active Directory (AAD) that resulted 
in\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#primaryimage\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png\",\"contentUrl\":\"https:\\\/\\\/secry.me\\\/explore\\\/wp-content\\\/uploads\\\/2023\\\/07\\\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png\",\"width\":1280,\"height\":720,\"caption\":\"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/secry.me\\\/explore\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#website\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"name\":\"SECRY\",\"description\":\"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story 
Collections\",\"publisher\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\"},\"alternateName\":\"Security Story\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/secry.me\\\/explore\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#organization\",\"name\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections\",\"alternateName\":\"SECRY\",\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"contentUrl\":\"https:\\\/\\\/secryweb.sirv.com\\\/WP_secry.me\\\/2022\\\/06\\\/cropped-SECRY.webp\",\"width\":512,\"height\":512,\"caption\":\"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story 
Collections\"},\"image\":{\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/secry.me\",\"https:\\\/\\\/pinterest.com\\\/secry_me\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/secry.me\\\/explore\\\/#\\\/schema\\\/person\\\/acc5b116f6d4870e1ecd6928630104f5\",\"name\":\"Christin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g\",\"caption\":\"Christin\"},\"description\":\"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.\",\"sameAs\":[\"https:\\\/\\\/secry.me\\\/explore\"],\"url\":\"https:\\\/\\\/secry.me\\\/explore\\\/author\\\/secry\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover | SECRY","description":"Bing Hacked: Wiz Research, a cybersecurity firm, recently uncovered a significant vulnerability in Azure Active Directory (AAD) that resulted in","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/","og_locale":"en_US","og_type":"article","og_title":"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover | SECRY","og_description":"Bing Hacked: Wiz Research, a cybersecurity firm, recently uncovered a significant vulnerability in Azure Active Directory (AAD) that resulted in","og_url":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/","og_site_name":"SECRY","article_publisher":"https:\/\/www.facebook.com\/secry.me","article_published_time":"2023-03-30T06:51:31+00:00","article_modified_time":"2023-10-03T11:44:46+00:00","og_image":[{"width":1280,"height":720,"url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2023\/07\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png","type":"image\/png"}],"author":"Christin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Christin","Est. 
reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#article","isPartOf":{"@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/"},"author":{"name":"Christin","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/acc5b116f6d4870e1ecd6928630104f5"},"headline":"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover","datePublished":"2023-03-30T06:51:31+00:00","dateModified":"2023-10-03T11:44:46+00:00","mainEntityOfPage":{"@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/"},"wordCount":940,"commentCount":9,"publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"image":{"@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png","keywords":["Azure Active Directory Missconfiguration","Bing","Bing Hacked","Bing Trivia","Bing.com","Search Result"],"articleSection":["Cyber Security","Hacker 
News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/","url":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/","name":"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover | SECRY","isPartOf":{"@id":"https:\/\/secry.me\/explore\/#website"},"primaryImageOfPage":{"@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#primaryimage"},"image":{"@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#primaryimage"},"thumbnailUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png","datePublished":"2023-03-30T06:51:31+00:00","dateModified":"2023-10-03T11:44:46+00:00","description":"Bing Hacked: Wiz Research, a cybersecurity firm, recently uncovered a significant vulnerability in Azure Active Directory (AAD) that resulted 
in","breadcrumb":{"@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#primaryimage","url":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png","contentUrl":"https:\/\/secry.me\/explore\/wp-content\/uploads\/2023\/07\/BINGBANG-BING-HACKED-VIA-AAD-MISSCONFIGURATION-1.png","width":1280,"height":720,"caption":"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover"},{"@type":"BreadcrumbList","@id":"https:\/\/secry.me\/explore\/bing-hacked-aad-misconfiguration-exposes-bing-com-to-unauthorized-access-leading-to-results-manipulation-and-account-takeover\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/secry.me\/explore\/"},{"@type":"ListItem","position":2,"name":"BING HACKED: AAD Misconfiguration Exposes Bing.com to Unauthorized Access Leading to Results Manipulation and Account Takeover"}]},{"@type":"WebSite","@id":"https:\/\/secry.me\/explore\/#website","url":"https:\/\/secry.me\/explore\/","name":"SECRY","description":"#1 Cyber [SEC]urity Sto[RY]  -  News &amp; Bug Bounty Story Collections","publisher":{"@id":"https:\/\/secry.me\/explore\/#organization"},"alternateName":"Security 
Story","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/secry.me\/explore\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/secry.me\/explore\/#organization","name":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections","alternateName":"SECRY","url":"https:\/\/secry.me\/explore\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/","url":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","contentUrl":"https:\/\/secryweb.sirv.com\/WP_secry.me\/2022\/06\/cropped-SECRY.webp","width":512,"height":512,"caption":"#1 Cyber [SEC]urity Sto[RY] - News & Bug Bounty Story Collections"},"image":{"@id":"https:\/\/secry.me\/explore\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/secry.me","https:\/\/pinterest.com\/secry_me"]},{"@type":"Person","@id":"https:\/\/secry.me\/explore\/#\/schema\/person\/acc5b116f6d4870e1ecd6928630104f5","name":"Christin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b5497f25505814356d5235813688d08a9e63670586640e4bb29680889eabcc9b?s=96&d=robohash&r=g","caption":"Christin"},"description":"A cybersecurity practitioner with more than 5 years of experience in the cybersecurity world. Has an interest in creating simple blog websites, learning about SEO and graphic design, writing, AI, and understanding the concepts of journalism. 
Intentionally created this website to make the world of cybersecurity more engaging by combining it with journalistic principles and presenting cybersecurity stories that are easy to understand, which can help anyone who wants to develop in the cybersecurity world.","sameAs":["https:\/\/secry.me\/explore"],"url":"https:\/\/secry.me\/explore\/author\/secry\/"}]}},"_links":{"self":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2762","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/comments?post=2762"}],"version-history":[{"count":14,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2762\/revisions"}],"predecessor-version":[{"id":3455,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/posts\/2762\/revisions\/3455"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media\/2775"}],"wp:attachment":[{"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/media?parent=2762"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/categories?post=2762"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secry.me\/explore\/wp-json\/wp\/v2\/tags?post=2762"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}