All pages with one click links should have no index follow or no index no follow. Your seo consultant (if you have one) should have advised you on this.
I am not saying this excuses the privacy violation but just suggesting there are things we can do...
Worse would be links that are private to the people who posses the url. Like a private video on YouTube or a private document in google docs. The security depends on the URL being secret. This would silently publish secret information.
If those pages have no proper meta tags or robots.txt, there’s absolutely nothing wrong with this. Security by obscurity was never a good approach; from Proxies to security scanners, there has always been software that crawls unassuming URLs and published the results somewhere, if only a report to the admin.
If you can say for certain that the links being published are coming from the malware scanning, and not being taken from users' browser sessions that are using Microsoft Edge you should elaborate on this.
I would be pretty mortified if browsers were using user browser sessions to scan content and pass it to bingbot…? What about if you’re browsing something local? Or your bank account?
All pages with one click links should have no index follow or no index no follow. Your seo consultant (if you have one) should have advised you on this.
I am not saying this excuses the privacy violation but just suggesting there are things we can do...