Microsoft Store India Hacked, Passwords Stored in Plain Text

Last summer's PSN breach has meant companies are being watched more closely than ever when it comes to protecting users and securing their networks. This week, Microsoft has found itself to be the latest victim of hacking as hackers targeted the Microsoft Store India. Owned and run by Quasar Media, the site yesterday displayed (Google Cache) this welcome message to visitors to the site:

Those responsible for the attack go by the name of EvilShadow team and appear to be Chinese. The group has not yet provided a reason for the attack, except to say that "unsafe system will be baptized." According to Windows Phone Sauce, EvilShadow managed to access the site's database where users' passwords were being stored in plain text. The group has posted a screenshot showing a sample of the stolen login credentials on its blog. Needless to say, if you're registered with Microsoft Store India, now might be a good time to change your password. Microsoft has not yet commented on the breach, and Quasar Media, the company that operates MS Store India, hasn't released a statement regarding the incident either.

The site seems to be back in right hands, but it isn't up and running as normal just yet. The homepage right now shows an apology for the store being down:

The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.

We'll keep you posted regarding any statement from Microsoft of Quasar Media.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
33 comments
Comment from the forums
    Your comment
    Top Comments
  • Darkerson
    /facepalm

    You would think some of these companies would learn to stop storing all this info in plain text format, especially with all the hacking events last year. Guess not...
    18
  • Netherscourge
    Plain Text Password storage.

    The latest in Microsoft Security.
    18
  • mihaimm
    phamhlamI hope you morons read the article and know that the store wasn't operated by microsoft but by Quasar Media. If Microsoft ran it, this would not be how they operate.

    It's like McDonald's restaurants... not operated by them, but you're still gonna blame them for all the trash you eat. Same thing here... When I see a Microsoft store I don't care/know it's operated by Quasar Media. M$ should really impose standards on the companies the're working with, not just care about how much money they can make.
    16
  • Other Comments
  • Darkerson
    /facepalm

    You would think some of these companies would learn to stop storing all this info in plain text format, especially with all the hacking events last year. Guess not...
    18
  • mihaimm
    It's incredible that software companies still store actual passwords in plain text. This should be plain illegal as many users have the same password for the different sites they use and the only reason to store it in plain text is to try to access the other sites...
    12
  • Netherscourge
    Plain Text Password storage.

    The latest in Microsoft Security.
    18