In a major event today hacker group calling itself Chinese Evil Shadow Team has struck and hacked down Microsoft Store in India (www.microsoftstore.co.in) causing highly sensitive information’s like login ids and passwords of users who had used the website for purchasing Microsoft products to be stolen. According to a online report from Wpsauce who first reported this hacking “It has been hacked by EvilShadow team – 7z1&Ancker. From the tiny little flag and blog links, it looks like the hackers are from China. Their motivation is unknown at this point.” The site is not run by Microsoft, but Quasar Media, an Indian company responsible for its maintenance and operation. As a proof of hack, the hacker group has released user database containing emails, password from Microsoft Store.
According to reports highly sensitive information’s was stolen by exploiting database of the Microsoft Store India and it seems the passwords were saved in plain text, which shows how irresponsible this big companies are on website security. Shortly after the website was hacked, Microsoft seems to take back the control and the site was taken offline. Now the site is showing the message “The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.“
According to a Microsoft spokesperson “Microsoft is investigating the limited compromise of the company’s online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. Microsoft is diligently working to remedy the issue and keep our customers protected,”
Microsoft India has acknowledged the attack, and sent out precautionary emails to all its customers. The company reassured users that credit card details and payment information databases were not affected, however, other data may have been exposed, such as order details, and shipping addresses, apart from usernames, e-mail addresses, and passwords. They have asked users using the same e-mail and password combinations on any other web properties to “proactively change the password immediately” to prevent any sort of breach on personal accounts.
It seems a high profile hack on Indian based sites, and it surely points the vulnerable security implemented by big organizations like Microsoft.
Update – Microsoft email message ( also available online here)
Do let us know your views on this hacking.