Microsoft India store down after hack attack
- By 1105 Media Staff
- Feb 14, 2012
Microsoft's store in India was hit in an apparent cyberattack Feb. 12.
The hackers made off with usernames and passwords of customers who have previously placed orders on the site.
The Chinese hacker group, named Evil Shadow Team, infiltrated www.microsoftstore.co.in and stole the user information, which was apparently stored as an unencrypted text file. It then took credit for the attack by posting screenshots and a portion of the stolen usernames and passwords (obscured) on its website.
Cyber criminals find new way to exploit old Office hole
After the breach was discovered, Microsoft took the website offline, which is still down as of Monday afternoon.
Commenting on the hack, Microsoft sent the following statement to Reuters: "Microsoft is investigating a limited compromise of the company's online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected."
Guidance was provided in e-mails to its Microsoft India customers, stating that while the passwords and user names had, in fact, been stolen, the database containing payment information (including credit card numbers and billing addresses) had not been compromised.
The company also said it had reset all user passwords and advised those to change similar information stored on other sites as soon as possible. "If you use the same e-mail and password combination on any other sites, including non-Microsoft websites or services, you should proactively change the password immediately to ensure your personal information is protected."
Microsoft provided no information on when its India-based online store would be back up.