Financial data possibly exposed after Microsoft India hack

Financial information may have been stolen by those who hacked into India's Microsoft store earlier this month, according to customer, contradicting Redmond's previous assertion that payment details were not exposed.
Written by Kevin Kwang, Contributor

Hackers may have their hands on financial information belonging to some Microsoft customers, following the attack on the software giant's India store earlier in February.

According to a blog post on Monday by Amit Agarwal, a Microsoft customer and personal tech columnist with the Wall Street Journal, Microsoft had sent out an e-mail the day after the breach saying that e-mail addresses, passwords, and shipping addresses of users might have been stolen. No payment information, though, was exposed to hackers, the company said then.

However, Redmond subsequently sent Agarwal a follow-up e-mail on Monday stating that financial information for some customers of Microsoft India store might have been exposed after "further detailed investigation", according to the e-mail message posted up on the columnist's blog.

"Microsoft had outsourced its online store to an advertising and digital marketing agency called Quasar Media, and this company was probably storing customer's confidential data in plain text inside a Microsoft Access database that hackers got hold of," Agarwal posited.

An earlier report identified the hackers as possibly belonging to a Chinese group, Evil Shadow Team, and user details that were stolen were reportedly archived in plain text file, without any encryption.

Editorial standards