Hackers Leak Indian Microsoft Website User Data
February 13, 2012

Hackers Leak Indian Microsoft Website User Data

A Microsoft retail website in India has been hacked by Chinese hacker group EvilShadow Team, according to various media reports.

The hack, occurring sometime within the last 24 hours, also managed to leak customer usernames and passwords, potentially exposing users´ payment information. It appears the site kept its user information in plain text, making it easy for hackers to get the information.

Describing himself as a patriotic hacker, EvilShadow Team member 7z1 posted that the data had been found unencrypted on the site, Reuters reports.

“Microsoft is investigating a limited compromise of the company´s online store in India,” A spokeswoman for Microsoft told Reuters in an emailed statement. “The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.”

An error message at Microsoft Store India currently reads: “The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.”

While it remains difficult to prove if the site´s username database was leaked, screenshots potentially showing information from the database have been released by the Chinese site HackTeach. Microsoft has yet to confirm that the data has been compromised.

Microsoft Store Indian is not run by Microsoft. According to the site´s Terms of Use, the store is owned and operated by an Indian company named Quasar Media, which has been “appointed by Microsoft to own, maintain and operate the online store.”

“I am not sure when the site will be up again or what happened,” Microsoft Store India spokesman Rahul Roy said in a statement.


On the Net: