Serious Flaw in Bing Cashback

Samir Meghani the co-founder of bountii.com a price comparison website, has been threatened by Microsoft lawyers for exposing a serious flaw in the way that Bing "cash back" tracks purchases. The affiliate scheme offers users of the search engine cash back every time they buy a product through the service.

Microsoft sent Meghani a letter demanding he remove his post about the subject from his blog or face the consequences. The original blog post has now been replaced with a post titled "Surrendering to Microsoft and Bing cashback" which includes the letter send by the Microsoft lawyers.

Microsoft have spent hundreds of millions of dollars trying to compete with their main rivals Google and must have red faces now as a cached version of Meghani's original post is still available via the Google search engine, as well as Yahoo. (I notice that it doesn't appear in Bing!) The cached versions provide a link to the cash back implementation documentation which Meghani says contains enough information for anybody to post fake cash back transactions. The exploit would also allow a malicious user to block another user's legitimate purchases from being reported correctly.

The final paragraph of the post states that in his next post Meghani will demonstrate other reasons to avoid using Bing cash back but it looks unlikely it will ever see the light of day.