Microsoft India store down after hack attack

Microsoft's store in India was hit in an apparent cyberattack Feb. 12.  

The hackers made off with usernames and passwords of customers who have previously placed orders on the site.

The Chinese hacker group, named Evil Shadow Team, infiltrated www.microsoftstore.co.in and stole the user information, which was apparently stored as an unencrypted text file. It then took credit for the attack by posting screenshots and a portion of the stolen usernames and passwords (obscured) on its website.


Related coverage:

Cyber criminals find new way to exploit old Office hole


After the breach was discovered, Microsoft took the website offline, which is still down as of Monday afternoon.

Commenting on the hack, Microsoft sent the following statement to Reuters: "Microsoft is investigating a limited compromise of the company's online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected."

Guidance was provided in e-mails to its Microsoft India customers, stating that while the passwords and user names had, in fact, been stolen, the database containing payment information (including credit card numbers and billing addresses) had not been compromised.

The company also said it had reset all user passwords and advised those to change similar information stored on other sites as soon as possible. "If you use the same e-mail and password combination on any other sites, including non-Microsoft websites or services, you should proactively change the password immediately to ensure your personal information is protected."

Microsoft provided no information on when its India-based online store would be back up.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above