ie8 fix
madison
Home / News & Blogs

Microsoft store hacked - logins, passwords stolen

Ellyne Phneah , ZDNet Asia | February 13, 2012 6:54 AM PST

Summary

Chinese hackers called Evil Shadow Team struck India's online Microsoft store over the weekend.

Topics

India, Password, Microsoft Corp., Web Site, Hacker, Web Site Development, Web Technology, Hacking, Channel Management, Security, Internet, Marketing

Hackers struck India's Microsoft store on Sunday, stealing login identities and passwords of customers who used the Web site for shopping.

According to a Monday report on the Times of India, the user details of the customers which were stolen from the online store, were reportedly in plain text file, without any encryption. The hackers allegedly belonged to a Chinese group, Evil Shadow Team.

Following the hack, the members posted on the Microsoft Web site stating "unsafe system will be baptized". The Web site has since been taken down, and at press time has yet to be restored.

Visitors to the Web site were greeted by a message that read "The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused".

Microsoft has yet to acknowledge or comment on the security breach, when approached by the publication.

For more on this story, read Microsoft India's store hacked on ZDNet Asia.

13
Comments
Add Your Opinion

Join the conversation!

Just In

well
avatoin1 14th Feb
@Tony Burzio Well obviously, I websites are hacked regardless of the software used to run them, its more of a matter of how the company that ran it protected their site. Clearly there were some security flaws with their system, and secondary security was lacking altogether (really? no encryption or hashing.. really? c'mon MS, hold your 3rd parties to greater standards).
View in thread
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
Tony Burzio 13th Feb
Just curious, but what server software was being used at the Microsoft Store India?
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
Return_of_the_jedi 13th Feb
@Tony Burzio

If it was a non-Windows product, it would've been known.

PS. This is Zdnet ...
0 Votes
+ -
Difficult to tell
toddbottom 13th Feb
@Tony Burzio
The website that was broken into was not owned or operated by Microsoft. Quasar Media was the company that ran the website. They could be using Windows or Linux.
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
pleap 13th Feb
@Tony Burzio

A quick lookup shows they're using Windows Server 2003 with IIS 7.0. No further comments required.
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
Scarface Claw 13th Feb
@Tony Burzio

I heard the only security they had was AVG free.
0 Votes
+ -
well
avatoin1 14th Feb
@Tony Burzio Well obviously, I websites are hacked regardless of the software used to run them, its more of a matter of how the company that ran it protected their site. Clearly there were some security flaws with their system, and secondary security was lacking altogether (really? no encryption or hashing.. really? c'mon MS, hold your 3rd parties to greater standards).
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
evil9 13th Feb
More details at The Hacker News ~ http://thehackernews.com/2012/02/microsoft-store-india-got-hacked-in.html
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
A. Noid 13th Feb
You have to wonder who all this affects? Did they ONLY have names, and passwords of people local to India, or were they tied into a larger MS database? Did they have credit card info? This is leaving a LOT of information out.
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
A.Sinic Updated - 13th Feb
Congratulations! We have a winner for the "Factual but Misleading Headline of the Week Award!"

But then if you had said "Third-party website in India hacked (that carries a local store for Microsoft)" you wouldn't have gotten any clicks.
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
dc1026 13th Feb
@A.Sinic
Typical for most blogs to sensationalize non-news...
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
symbolset 13th Feb
@A.Sinic It's still Microsoft's store. And they don't get out of responsibility for a contractor that stores passwords in plain text. They're supposed to know better.
0 Votes
+ -
Alll-Righty then. . .
NGENeer 13th Feb
Thanks for another opportunity to waste a few minutes on an absolutely useless piece of non-information.
0 Votes
+ -
RE: Microsoft store hacked - logins, passwords stolen
Corynthus@... 14th Feb
hmmmmm... Not really a true story because it was NOT a microsoft store...

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

ie8 fix