Microsoft Store India Hacked, Passwords Stored in Plain Text
Microsoft targeted in latest attack.
Last summer's PSN breach has meant companies are being watched more closely than ever when it comes to protecting users and securing their networks. This week, Microsoft has found itself to be the latest victim of hacking as hackers targeted the Microsoft Store India. Owned and run by Quasar Media, the site yesterday displayed (Google Cache) this welcome message to visitors to the site:
Those responsible for the attack go by the name of EvilShadow team and appear to be Chinese. The group has not yet provided a reason for the attack, except to say that "unsafe system will be baptized." According to Windows Phone Sauce, EvilShadow managed to access the site's database where users' passwords were being stored in plain text. The group has posted a screenshot showing a sample of the stolen login credentials on its blog. Needless to say, if you're registered with Microsoft Store India, now might be a good time to change your password. Microsoft has not yet commented on the breach, and Quasar Media, the company that operates MS Store India, hasn't released a statement regarding the incident either.
The site seems to be back in right hands, but it isn't up and running as normal just yet. The homepage right now shows an apology for the store being down:
The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.
We'll keep you posted regarding any statement from Microsoft of Quasar Media.

The latest in Microsoft Security.
You would think some of these companies would learn to stop storing all this info in plain text format, especially with all the hacking events last year. Guess not...
It's like McDonald's restaurants... not operated by them, but you're still gonna blame them for all the trash you eat. Same thing here... When I see a Microsoft store I don't care/know it's operated by Quasar Media. M$ should really impose standards on the companies the're working with, not just care about how much money they can make.
You would think some of these companies would learn to stop storing all this info in plain text format, especially with all the hacking events last year. Guess not...
The latest in Microsoft Security.
MuttiahMuralitharan
Hardly plain text though is it....
It's like McDonald's restaurants... not operated by them, but you're still gonna blame them for all the trash you eat. Same thing here... When I see a Microsoft store I don't care/know it's operated by Quasar Media. M$ should really impose standards on the companies the're working with, not just care about how much money they can make.
software on how to come to america and get a tax free business?
you didn't get it. plain text is opposed to encrypted passwords. so MuttiahMuralitharan wouldn't appear like plain text "MuttiahMuralitharanHardly" it would appear like 2d45yjehdtw9mr4wje879dthw894fjg9gh8794gferio
so even if they could get the passwords they couldn't use them because they were encrypted. that is, if they are unable to crack the hash. most times they are encrypted with just md5, which is very weak and crackable.
The problem here is that it's very easy for a company to implement better security. Yet microsoft a multi billion dollar company is unable to implement extremely simple security measures to protect their costumers data. And outsourcing it to another company is not an excuse for security failures.
So any script kiddie with some skills is capable of exploiting those breaches in security and then this happens. Anyone with basic programming skills and some hours of googling is capable of doing this. You would be surprised so easy it is in most cases.
Make it illegal in the US, they just offshore it to India. Seems cheaper this way... until ALL chickens are counted. Some VP got his bonus.
Ya know, if you have to explain a joke it just aint funny anymore...
People trash Apple for demanding 100% control over anything with their name on it. They do it so that everyone follows the same guidelines and ensures a complete quality umbrella for all their branches.
But when Microsoft lets their outsourced vendors run a shop with a crooked security system, it's "ok" because at least their products are easier to hack and pirate stuff with.
"That's too expensive, it's extremely unlikely that someone is going to crack our system."
Security maintenance at its best.