
Microsoft Store India Hacked, Passwords Stored in Plain Text

Source: WP Sauce

Microsoft targeted in latest attack.

Since last summer's PSN breach, companies have been watched more closely than ever when it comes to protecting users and securing their networks. This week, Microsoft became the latest victim when attackers targeted the Microsoft Store India. The site, which is owned and run by Quasar Media, yesterday displayed (Google Cache) this welcome message to visitors:

Those responsible for the attack go by the name of EvilShadow team and appear to be Chinese. The group has not yet provided a reason for the attack, except to say that "unsafe system will be baptized." According to Windows Phone Sauce, EvilShadow managed to access the site's database where users' passwords were being stored in plain text. The group has posted a screenshot showing a sample of the stolen login credentials on its blog. Needless to say, if you're registered with Microsoft Store India, now might be a good time to change your password. Microsoft has not yet commented on the breach, and Quasar Media, the company that operates MS Store India, hasn't released a statement regarding the incident either.

The site seems to be back in the right hands, but it isn't up and running as normal just yet. The homepage currently shows an apology for the store being down:

The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.

We'll keep you posted regarding any statement from Microsoft or Quasar Media.


Comments
Darkerson 02/13/2012 4:45 PM
-18+

/facepalm

You would think some of these companies would learn to stop storing all this info in plain text format, especially with all the hacking events last year. Guess not...

mihaimm 02/13/2012 4:51 PM
-12+

It's incredible that software companies still store actual passwords in plain text. This should be plain illegal as many users have the same password for the different sites they use and the only reason to store it in plain text is to try to access the other sites...

Netherscourge 02/13/2012 5:02 PM
-18+

Plain Text Password storage.

The latest in Microsoft Security.

back_by_demand 02/13/2012 5:03 PM
-10+

One of the passwords was the name of a famous cricket player

MuttiahMuralitharan

Hardly plain text though is it....

billybobser 02/13/2012 5:24 PM
--2+

I imagine even software written in-house by companies should have evolved past plain text password storage, why bother using software at all if you're going to do that.

phamhlam 02/13/2012 5:26 PM
-9+

I hope you morons read the article and know that the store wasn't operated by Microsoft but by Quasar Media. If Microsoft ran it, this would not be how they operate.

mihaimm 02/13/2012 5:38 PM
-16+

phamhlam :
I hope you morons read the article and know that the store wasn't operated by Microsoft but by Quasar Media. If Microsoft ran it, this would not be how they operate.


It's like McDonald's restaurants... not operated by them, but you're still gonna blame them for all the trash you eat. Same thing here... When I see a Microsoft store I don't care/know it's operated by Quasar Media. M$ should really impose standards on the companies they're working with, not just care about how much money they can make.

mobrocket 02/13/2012 5:38 PM
--2+

MFST store India... what the hell do they even offer there?
software on how to come to america and get a tax free business?

__-_-_-__ 02/13/2012 5:41 PM
--1+

back_by_demand :
One of the passwords was the name of a famous cricket playerMuttiahMuralitharanHardly plain text though is it....


you didn't get it. plain text is opposed to encrypted passwords. so MuttiahMuralitharan wouldn't appear like plain text "MuttiahMuralitharanHardly" it would appear like 2d45yjehdtw9mr4wje879dthw894fjg9gh8794gferio
so even if they could get the passwords they couldn't use them because they were encrypted. that is, if they are unable to crack the hash. most times they are encrypted with just md5, which is very weak and crackable.


The problem here is that it's very easy for a company to implement better security. Yet Microsoft, a multi-billion dollar company, is unable to implement extremely simple security measures to protect their customers' data. And outsourcing it to another company is not an excuse for security failures.
So any script kiddie with some skills is capable of exploiting those breaches in security and then this happens. Anyone with basic programming skills and some hours of googling is capable of doing this. You would be surprised how easy it is in most cases.

vishalaestro 02/13/2012 5:53 PM
-2+

what is the meaning of unsafe systems will be baptized

peevee 02/13/2012 6:01 PM
-13+

Easily hackable system? Plaintext passwords? Sounds like Indian programmers indeed... :)

peevee 02/13/2012 6:05 PM
-4+

mihaimm :
It's incredible that software companies still store actual passwords in plain text. This should be plain illegal as many users have the same password for the different sites they use and the only reason to store it in plain text is to try to access the other sites...



Make it illegal in the US, they just offshore it to India. Seems cheaper this way... until ALL chickens are counted. Some VP got his bonus. :)

trevorvdw 02/13/2012 6:57 PM
-6+

I don't know about you but I feel very secure in the knowledge that all my financial information has been sent to Indian support centers.

back_by_demand 02/13/2012 6:59 PM
-10+

__-_-_-__ :
you didn't get it. plain text is opposed to encrypted passwords. so MuttiahMuralitharan wouldn't appear like plain text "MuttiahMuralitharanHardly" it would appear like 2d45yjehdtw9mr4wje879dthw894fjg9gh8794gferio so even if they could get the passwords they couldn't use them because they were encrypted. that is, if they are unable to crack the hash. most times they are encrypted with just md5, which is very weak and crackable. The problem here is that it's very easy for a company to implement better security. Yet Microsoft, a multi-billion dollar company, is unable to implement extremely simple security measures to protect their customers' data. And outsourcing it to another company is not an excuse for security failures. So any script kiddie with some skills is capable of exploiting those breaches in security and then this happens. Anyone with basic programming skills and some hours of googling is capable of doing this. You would be surprised how easy it is in most cases.


Ya know, if you have to explain a joke it just ain't funny anymore...

wiyosaya 02/13/2012 7:04 PM
-5+

Outsourcing :sarcastic:

nukemaster 02/13/2012 7:39 PM
-1+

I like how one user has an email that is firstnamelastname@xxx.xxx, and a password that is firstnamelastname. Even with the block does not help them.....

elkein 02/13/2012 7:45 PM
-1+

That is a facepalm, but this is what happens when you let foreign divisions have their own ways. My line of work is all government/domestic. My wife, however, has a significant role in outsource management for her company (to India and China). Truth be told it gets very old and expensive micromanaging foreign offices with a constant stream of talented managers flown over to help them along, and they just don't quite produce results on their own.

Netherscourge 02/13/2012 7:51 PM
-0+

phamhlam :
I hope you morons read the article and know that the store wasn't operated by Microsoft but by Quasar Media. If Microsoft ran it, this would not be how they operate.




People trash Apple for demanding 100% control over anything with their name on it. They do it so that everyone follows the same guidelines and ensures a complete quality umbrella for all their branches.

But when Microsoft lets their outsourced vendors run a shop with a crooked security system, it's "ok" because at least their products are easier to hack and pirate stuff with.

A Bad Day 02/13/2012 11:01 PM
-3+

"Bob, we need to invest a few dozen thousand of dollars in upgrading our security. Look at PSN."

"That's too expensive, it's extremely unlikely that someone is going to crack our system."


Security maintenance at its best.

razor512 02/13/2012 11:08 PM
-1+

Many companies try to avoid using encryption where the passwords are salted and hashed to something that is resource consuming like AES256 because it requires additional hardware (servers and other infrastructure). Since their main motivation is profit, they will often go with the bare minimum just to get the service working, unless the market demands something better/more secure. Until the majority of computer users start working on gaining more understanding of encryption technologies and the concept behind increasing entropy in their passwords, many companies will be reluctant to invest in more secure systems (especially if any fines they get end up being cheaper than implementing better security).
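
Added example, not part of the original article or any commenter's post: the storage options debated in the comments above (plaintext, an unsalted MD5 digest, and a salted, deliberately slow hash) side by side using only Python's standard library. The sample password, the record format and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumed work factor for illustration; tune to your hardware

def store_md5(password: str) -> str:
    """Unsalted fast hash: identical passwords always give identical digests."""
    return hashlib.md5(password.encode()).hexdigest()

def store_pbkdf2(password: str) -> str:
    """Per-user random salt plus a deliberately slow key-derivation function."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_pbkdf2(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        scheme, iters, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
        return hmac.compare_digest(dk, bytes.fromhex(dk_hex))
    except ValueError:  # malformed record: wrong field count, bad hex, bad cost
        return False

def classify(stored: str) -> str:
    """Rough audit of one credential-column value (a heuristic, not proof)."""
    if stored.startswith("pbkdf2_sha256$") and stored.count("$") == 3:
        return "salted-kdf"
    if re.fullmatch(r"[0-9a-fA-F]{32}", stored):
        return "md5-like"
    return "plaintext-or-unknown"

if __name__ == "__main__":
    pw = "CricketFan2012"  # constructed sample password
    print(classify(pw), classify(store_md5(pw)), classify(store_pbkdf2(pw)))
    print(store_md5(pw) == store_md5(pw))        # same digest in every row
    print(store_pbkdf2(pw) == store_pbkdf2(pw))  # salts make each row differ
```
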

back_by_demand 02/13/2012 11:31 PM
-1+

Netherscourge :
People trash Apple for demanding 100% control over anything with their name on it. They do it so that everyone follows the same guidelines and ensures a complete quality umbrella for all their branches. But when Microsoft lets their outsourced vendors run a shop with a crooked security system, it's "ok" because at least their products are easier to hack and pirate stuff with.


No one thinks it is OK, but at least we all know it's not directly Microsoft's fault, if they were directly in charge you know for a fact this wouldn't happen, chalk this one up to proving that if you don't stand directly over someone's shoulder human nature kicks in and people get stupid and lazy.

Shin-san 02/14/2012 12:07 PM
-0+

How dumb. Microsoft definitely should have their partners do better security than that!

beayn 02/14/2012 12:57 PM
-0+

People always blame the company in these cases but having worked with many different IT people, I've come to the conclusion that it doesn't matter what policies your company has, there's always some idiot manager who thinks he knows enough to interview his employees. He doesn't have qualified people present at the interview which leaves the door open for idiots who bluff their way through the whole thing. These people barely get by keeping the network running and you end up with stupid shit like passwords stored in plain text.

I run into this all the time. When people give job interviews, they really should hire an IT consultant to ensure said person knows what he's doing.

We recently released a hospital IT contract to an idiot who bluffed his way through the interview. This "Professional" then asked me how to allow someone on the domain access to a shared folder. People's lives can be in danger and this guy is in charge of ensuring vital data is accessible...

alextheblue 02/14/2012 1:47 AM
-0+

Netherscourge :
Plain Text Password storage. The latest in Microsoft Security.

Quasar, actually.

Reading - it's not for everyone.

neferius 02/14/2012 2:58 AM
-0+

peevee :
Easily hackable system? Plaintext passwords? Sounds like Indian programmers indeed...


This.
Also how Firefox became such a bloated piece of crap after the project was turned over to Indian devs >:(

jalek 02/14/2012 8:17 AM
-0+

beayn :
These people barely get by keeping the network running and you end up with stupid shit like passwords stored in plain text. I run into this all the time.



Interview skills are vastly more important than technical skills all over the IT industry. One company I worked at had a DBA position open and got hundreds of applicants. The guy they hired had no Oracle experience, his MS Access time apparently wasn't enough, who'd have guessed? Not just that, but the guy asked the same questions repeatedly, indicating that he wasn't really picking anything up. I get tired of taking time away from my job to tell people making more than me how to do theirs.

danwat1234 02/14/2012 8:43 AM
-0+

mobrocket :
MFST store India... what the hell do they even offer there? software on how to come to america and get a tax free business?


Microsoft Flight simulator, NY edition...

gogogadgetliver 02/14/2012 4:08 PM
-1+

mobrocket :
MFST store India... what the hell do they even offer there? software on how to come to america and get a tax free business?



The Indian middle class which is exploding (unlike our shrinking one) is quite interested in software and electronics.

Your ignorance is why they are taking your jobs. I interview engineers from both countries and they are eating our lunch.

ojas 02/14/2012 8:40 PM
-0+

You know I'm a bit annoyed with all these "OMG outsourcing to India is such a bad idea, they're taking our jobs, whine whine whine" on every article like this.

The idea is simple: If you want your jobs, then deserve them.


Anyway, MS, Google, FB, etc are all multi-nationals now, so if you guys seriously think that all their staff should be from the US, then that's BS. Heck, all major companies/institutions around the world have people from different countries holding different positions. So if you think all the outsourcing happens to Asia, do remember that most, if not all, of your companies have very senior members from Asia and India. Heck, even Hotmail was created by an Indian.

I'm not saying this wasn't stupid, especially after PSN, but I'm just saying, if this had happened in the States or in Europe, I'm sure you wouldn't be saying "that's what you get when you employ people from the US". Don't say that in this case either. At least, don't generalize.

eddieroolz 02/15/2012 12:38 PM
-0+

After the recent spree of hackings, Microsoft India has no excuse.

