You can now add Microsoft to the list of companies that have recently been burned by hackers.
Microsoft’s online store in India was hacked this morning by Chinese hacker group EvilShadow team – 7z1&Ancker, reports WP Sauce. Even worse, it appears that the store’s database of usernames and passwords has been leaked as well, potentially exposing those users’ payment information.
At the time of this post, Microsoft’s India online store is still offline. We’ve dropped a word into Microsoft for more details on the situation.
While we can easily confirm that the site is offline, it’s more difficult to prove if the store’s username database has been hacked. Screenshots potentially showing information from the database have been released by the Chinese site HackTeach, but Microsoft has yet to confirm that the data has been compromised. HackTeach is also reporting that the passwords were unsecured and saved in plain text, which if true, would be a shocking security blunder on Microsoft’s part.
Update: A Microsoft representative has sent along the following comment: “Microsoft is investigating the limited compromise of the company’s online store in India. Microsoft is diligently working to remedy the issue and keep our customers protected.”
VB's research team is studying web-personalization... Chime in here, and we’ll share the results.