Microsoft's Online India Store Hacked, Personal Info Stolen
Hackers attacked Microsoft's store in India Sunday night, making off with usernames and passwords of customers who have previously placed orders on the site.
The Chinese hacker group, named Evil Shadow Team, infiltrated www.microsoftstore.co.in and stole the user information, which was apparently stored as an unencrypted text file. It then took credit for the attack by posting screenshots and a portion of the stolen usernames and passwords (obscured) on its Web site.
After the breach was discovered, Microsoft took the Web site offline, which is still down as of Monday afternoon.
Commenting on the hack, Microsoft sent the following statement to Reuters: "Microsoft is investigating a limited compromise of the company's online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected."
Guidance was provided in e-mails to its Microsoft India customers, stating that while the passwords and user names had, in fact, been stolen, the database containing payment information (including credit card numbers and billing addresses) had not been compromised.
The company also said it had reset all user passwords and advised those to change similar information stored on other sites as soon as possible. "If you use the same e-mail and password combination on any other sites, including non-Microsoft websites or services, you should proactively change the password immediately to ensure your personal information is protected."
Microsoft provided no information on when its India-based online store would be back up.