A security loophole in Microsoft’s Bing search engine could allow users to steal large sums of money, it has been revealed.
The exploit is linked to Bing’s online shopping “Cash Back” scheme. According to Microsoft, the service was a “great way for you to save money when you shop online”, earning customers “a percentage of the product price as cash-back” when shopping with affiliate sites.
However, Samir Meghani, entrepreneur and co-founder of price comparison site Bounti, has discovered that an easily alterable piece of computer code could lead to large sums of money being unlawfully credited to a users account. The flaw also puts the savings of legitimate users at risk.
Meghani said that “I’ve never bought anything using Bing Cashback, but the balance of my account is $2,080.06. I’m not going to explain exactly how to generate the fake requests so that they actually post, but it’s not complicated.”
Microsoft have responded by requesting that Meghani remove the post in question, or face legal action.
Despite a multi-million dollar marketing campaign, Bing still only has a 9% share of US search traffic. This “cash back” fracas is yet another embarrassing episode for the struggling search-engine.