
Breaking: Microsoft India Store Has Been Hacked. Passwords In Plain Text Format Exposed [Update]

Well, this is huge! Microsoft’s India online store website has been hacked, and all user information, which was stored in plain text without any encryption, has been exposed. It looks like the hacker team got remote access to the whole web server.

The main reasons behind this hack are still unknown, but judging from the content that replaced the homepage, it is believed that a little-known hacker group, EvilShadow, is behind the intrusion.

 


Microsoft has pulled the store page for now and may be working to bring the site back. The unacceptable part of this story is that the software giant stored all user information, including passwords, in the database in plain text, without any encryption, for an online shopping site.
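For contrast with the plain-text storage described above, here is an added example (not code from the original post, from Microsoft or from the store) of keeping only salted, slow password hashes and of converting a legacy plain-text column. The function names, the stored string format, the sample rows and the iteration count are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware

def hash_password(password: str) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' with a fresh random salt."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    try:
        scheme, iters, salt_hex, hash_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(hash_hex)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                     bytes.fromhex(salt_hex), int(iters))
    except ValueError:
        # Malformed record: wrong field count, bad hex or bad iteration count.
        return False
    return hmac.compare_digest(digest, expected)

def migrate_plaintext(rows):
    """Replace each legacy plain-text 'password' field with a salted hash, in place."""
    for row in rows:
        row["password_hash"] = hash_password(row.pop("password"))
    return rows

# Constructed sample of a legacy table (not data from the incident).
LEGACY_ROWS = [
    {"email": "alice@example.com", "password": "Winter2012!"},
    {"email": "bob@example.com", "password": "Winter2012!"},
]

if __name__ == "__main__":
    # Two users with the same password end up with different stored values,
    # and a database dump no longer reveals either password directly.
    for row in migrate_plaintext([dict(r) for r in LEGACY_ROWS]):
        print(row["email"], row["password_hash"][:40] + "...")
```

After such a migration the plain-text column should be dropped from the live table and from backups, since any surviving copy exposes the passwords exactly as before.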

Update (as of 11:45 PM Central Time, 2/12/12) – The Microsoft Store India is still unavailable to users. To patch things up, Microsoft is asking customers to change their passwords immediately. The full email message, forwarded by one of our blog readers, is copied below:

 

From: Microsoft Store <USemail@microsoftstoreemail.com>
Date: Sun, Feb 12, 2012 at 8:04 PM
Subject: Alert: Microsoft Store India Compromise - Please Update User Name & Password Information


Dear XXXX, 
Microsoft Store Customer Update
We are writing to inform you that there may have been unauthorized access to some of your customer account information on Microsoft Store India (http://www.microsoftstore.co.in/). We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address. 
Microsoft Store takes this situation very seriously, and the company is diligently working to remedy the issue and keep our customers protected. We need your help in this regard and we ask that you please take the following steps to prohibit any further unauthorized access to your information. 
Precautions You Should Take
In order to secure your account information, Microsoft Store will take the action to re-set your password. Please follow these steps to ensure your privacy is protected: 
1. If you use the same e-mail and password combination on any other sites, including non-Microsoft websites or services, you should proactively change the password immediately to ensure your personal information is protected. 
2. You will receive an e-mail with a temporary password and a prompt to create a new password. Please note, the password reset relates only to Microsoft Store India. 
3. Once you receive the e-mail you should immediately create a new password, one that is both secure and familiar to you. 
Microsoft Store is Here to Help
We understand that you may have additional questions and Microsoft Store is here to help. If you have specific questions about your Microsoft Store account or want more information about computing and personal security please contact us at 1800-102-1100. 
We apologize for any inconvenience this incident might cause. 
Thank you,
Microsoft Store India

Microsoft Store, One Microsoft Way, Redmond, WA, 98052, USA

 

More pictures (the last one is huge) from the HackTeach website below:

 


Source: Engadget, HackTeach

Comments

  1. wow...great news! Hats off to the hackers

  2. That's strange! No encryption in saving passwords.

  3. @Abhilash How come great? That is bad.
    And I am not able to find the news anywhere else, so not sure, but it might be fake

  4. @Sreedhar: This is not fake news. Please read the official email response from Microsoft in this post. The store website is still offline.

  5. @Avinash: Yes the site is down. But waiting for official news from Microsoft

  6. @Sreedhar: If you read the official email from Microsoft (sent to one of its users) in this post, it did accept that the website is compromised.
