Well, this is huge! Microsoft’s India online store website has been hacked and all user information which was stored in plain text format without any encryption has also been exposed. It looks like the hacker team got remote access to the whole web server.
The main reasons behind this hack are still unknown but from the homepage replaced information, its been predicted that a non well known hacker organization EvilShadow is behind all this invasion.
Microsoft pulled out the store page right now and might be working on this to get back the site. The unacceptable thing in all this story is that the software giant stored all the user information including passwords in the database in plain text without any encryption for such online shopping site.
Update (as of 11:45 PM Central Time, 2/12/12) – The Microsoft Store India is still currently unavailable to users. To patch up things, Microsoft is asking customers to change their passwords immediately. Full email message is copied down below from one of our blog readers:
From: Microsoft Store <[email protected]>
Date: Sun, Feb 12, 2012 at 8:04 PM
Subject: Alert: Microsoft Store India Compromise – Please Update User Name & Password Information
Dear XXXX,
Microsoft Store Customer Update
We are writing to inform you that there may have been unauthorized access to some of your customer account information on Microsoft Store India (http://www.microsoftstore.co.in/). We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.
Microsoft Store takes this situation very seriously, and the company is diligently working to remedy the issue and keep our customers protected. We need your help in this regard and we ask that you please take the following steps to prohibit any further unauthorized access to your information.
Precautions You Should Take
In order to secure your account information, Microsoft Store will take the action to re-set your password. Please follow these steps to ensure your privacy is protected:
1. If you use the same e-mail and password combination on any other sites, including non-Microsoft websites or services, you should proactively change the password immediately to ensure your personal information is protected.
2. You will receive an e-mail with a temporary password and a prompt to create a new password. Please note, the password reset relates only to Microsoft Store India.
3. Once you receive the e-mail you should immediately create a new password, one that is both secure and familiar to you.
Microsoft Store is Here to Help
We understand that you may have additional questions and Microsoft Store is here to help. If you have specific questions about your Microsoft Store account or want more information about computing and personal security please contact us at 1800-102-1100.
We apologize for any inconvenience this incident might cause.
Thank you,
Microsoft Store IndiaMicrosoft Store, One Microsoft Way, Redmond, WA, 98052, USA
More pictures (the last one is huge) from the HackTeach website below:
Leave a Reply