Hackers Leak Indian Microsoft Website User Data
A Microsoft retail website in India has been hacked by Chinese hacker group EvilShadow Team, according to various media reports.
The hack, occurring sometime within the last 24 hours, also managed to leak customer usernames and passwords, potentially exposing users´ payment information. It appears the site kept its user information in plain text, making it easy for hackers to get the information.
Describing himself as a patriotic hacker, EvilShadow Team member 7z1 posted that the data had been found unencrypted on the site, Reuters reports.
“Microsoft is investigating a limited compromise of the company´s online store in India,” A spokeswoman for Microsoft told Reuters in an emailed statement. “The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.”
An error message at Microsoft Store India currently reads: “The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.”
While it remains difficult to prove if the site´s username database was leaked, screenshots potentially showing information from the database have been released by the Chinese site HackTeach. Microsoft has yet to confirm that the data has been compromised.
“I am not sure when the site will be up again or what happened,” Microsoft Store India spokesman Rahul Roy said in a statement.
On the Net: