I have been back and forth on releasing this finding.
To limit the risk for harm in releasing this information; I have allowed 10 months since sharing with Microsoft with the hopes that most users have upgraded and replace their version of Microsoft Bing from their devices.
I shared with Microsoft I intended to release this information they had asked me to allow them to review before releasing:
"Can you provide us a copy of the article you intend to publish so we can review?"
To let them edit or review the content felt inauthentic, so I have went forward and shared with no ill will towards Microsoft and with the intention of a safer happier world for all :)
I can see that unfortunately if nothing is shared it might allow:
a) A legal precedent for humans to argue that the content of their web history is not theirs, but the device history came that way from Microsoft Bing.
It is our intention in sharing this information that Blackberry and others will make changes to implement better security practices. These issues have been secured so there is no risk in exposing this data. Blackberry users, the Internet, and world as a whole deserves to have their data secure and taken care of by the companies we put trust in.
BlackBerry has always had a strong name for being secure. It disappoints us that in our research we found the use of incredibly insecure passwords.
These passwords are used to secure personal, corporate, government, military, and defense data.