Microsoft store hacked - logins, passwords stolen

Microsoft store hacked - logins, passwords stolen

Summary: Chinese hackers called Evil Shadow Team struck India's online Microsoft store over the weekend.

SHARE:

Hackers struck India's Microsoft store on Sunday, stealing login identities and passwords of customers who used the Web site for shopping.

According to a Monday report on the Times of India, the user details of the customers which were stolen from the online store, were reportedly in plain text file, without any encryption. The hackers allegedly belonged to a Chinese group, Evil Shadow Team.

Following the hack, the members posted on the Microsoft Web site stating "unsafe system will be baptized". The Web site has since been taken down, and at press time has yet to be restored.

Visitors to the Web site were greeted by a message that read "The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused".

Microsoft has yet to acknowledge or comment on the security breach, when approached by the publication.

For more on this story, read Microsoft India's store hacked on ZDNet Asia.

Topics: Software Development, Browser, Microsoft, Security

Ellyne Phneah

About Ellyne Phneah

Elly grew up on the adrenaline of crime fiction and it spurred her interest in cybercrime, privacy and the terror on the dark side of IT. At ZDNet Asia, she has made it her mission to warn readers of upcoming security threats, while also covering other tech issues.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • RE: Microsoft store hacked - logins, passwords stolen

    Just curious, but what server software was being used at the Microsoft Store India?
    Tony Burzio
    • RE: Microsoft store hacked - logins, passwords stolen

      @Tony Burzio

      If it was a non-Windows product, it would've been known.

      PS. This is Zdnet ...
      Return_of_the_jedi
    • Difficult to tell

      @Tony Burzio
      The website that was broken into was not owned or operated by Microsoft. Quasar Media was the company that ran the website. They could be using Windows or Linux.
      toddbottom
    • RE: Microsoft store hacked - logins, passwords stolen

      @Tony Burzio

      A quick lookup shows they're using Windows Server 2003 with IIS 7.0. No further comments required.
      pleap
    • RE: Microsoft store hacked - logins, passwords stolen

      @Tony Burzio

      I heard the only security they had was AVG free.
      Scarface Claw
    • well

      @Tony Burzio Well obviously, I websites are hacked regardless of the software used to run them, its more of a matter of how the company that ran it protected their site. Clearly there were some security flaws with their system, and secondary security was lacking altogether (really? no encryption or hashing.. really? c'mon MS, hold your 3rd parties to greater standards).
      avatoin1
  • RE: Microsoft store hacked - logins, passwords stolen

    More details at The Hacker News ~ http://thehackernews.com/2012/02/microsoft-store-india-got-hacked-in.html
    evil9
  • RE: Microsoft store hacked - logins, passwords stolen

    You have to wonder who all this affects? Did they ONLY have names, and passwords of people local to India, or were they tied into a larger MS database? Did they have credit card info? This is leaving a LOT of information out.
    A. Noid
  • RE: Microsoft store hacked - logins, passwords stolen

    Congratulations! We have a winner for the "Factual but Misleading Headline of the Week Award!"<br><br>But then if you had said "Third-party website in India hacked (that carries a local store for Microsoft)" you wouldn't have gotten any clicks.
    A.Sinic
    • RE: Microsoft store hacked - logins, passwords stolen

      @A.Sinic
      Typical for most blogs to sensationalize non-news...
      dc1026
    • RE: Microsoft store hacked - logins, passwords stolen

      @A.Sinic It's still Microsoft's store. And they don't get out of responsibility for a contractor that stores passwords in plain text. They're supposed to know better.
      symbolset
  • Alll-Righty then. . .

    Thanks for another opportunity to waste a few minutes on an absolutely useless piece of non-information.
    NGENeer
  • RE: Microsoft store hacked - logins, passwords stolen

    hmmmmm... Not really a true story because it was NOT a microsoft store...
    Corynthus@...