Microsoft online store in India hacked

13 Feb 2012

A hacker team apparently from China, has hacked Microsoft's online store in India and claimed credit, taking away login IDs and passwords of customers of Microsoft products.

The site, Microsoftstore.co. is not run by Microsoft, but is owned and operated by Quasar Media, an Indian company appointed by Microsoft to own, maintain and operate the online store.

The attack left login IDs and passwords compromised.

The Evil Shadow Team, evidently from China, claimed credit for the hack, as also the theft of the login IDs and passwords, which turned out to be a piece of cake, as all sensitive information appeared to have been stored in plain text.

The site is no longer online, however, wpsause website, which broke the news, reports that while the reason for the hack had not been explicitly stated, the hackers appeared to have uploaded a file called evil. Html, which says ''Unsafe system will be baptized.''

Meanwhile, according to experts all users registered with Microsoft India Store should play safe and change their password right now and it was extremely crucial that they did that right away.

Last year, hacker groups like LulzSec in a series of attacks pulled off several-profile high profile break-ins, highlighting the lax security measures companies had put in place. The web site of Japanese electronics giant, Sony suffered several security breaches with the hackers stealing user ids and passwords of customers from its network.

In a message posted on a website called Pastebin, LulzSec claimed the group was trying to focus attention on web security. "Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn't silently sitting inside all of these right now," the group wrote. (Also see: LulzSec attacks Murdoch's The Sun, website)

The break in at Microsoft Store yesterday, points to the fact that lessons have not been learnt. Microsoft too, like Sony earlier, now says that user ids and passwords had not been encrypted at the time of security breach. The company too, seems to have been remiss about handling the user details by storing them in a plain text file.