Microsoft online customer accounts hacked in India

A group calling itself Evil Shadow Team reportedly stole usernames and passwords of Microsoft Store customers.

Microsoft's online store in India was hacked on Sunday, resulting in the theft of usernames and passwords of the site's customers.

A Chinese group of hackers calling itself Evil Shadow Team took credit for the hack, posting screenshots of obscured usernames and passwords that it found unencrypted on the site, according to Reuters. The group touted the attack on its own blog (here's an English translation). posting a screenshot of the hacked Web site with the message: "Unsafe system will be baptized."

Microsoft has since taken down the hacked site and replaced it with a message telling users that "The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible."


Microsoft confirmed the news in the following statement sent to CNET:

Microsoft is investigating the limited compromise of the company's online store in India. Customers have been notified and provided with guidance to reset their passwords. We are diligently working to remedy the incident and keep our customers protected.
Related stories:

Since the passwords were stored in clear text and not encrypted, customers who've purchased items through the site are at risk.

A report in the Times of India is advising users to change their passwords as soon as the site comes back online. And if they've used the same credentials at other sites, they're urged to change those as well.

No details were revealed as to why the group targeted Microsoft's Indian site or how they hacked their way in. But unencrypted passwords are highly valued by hackers, who can frequently use them to break into other--sometimes more vital--accounts if users have reused their passwords (as they all-too frequently do). It also shows a surprising lack of security for a company like Microsoft.

But a comment in a story by AFP says that "Indian IT specialists have long lamented what they say is a lack of awareness about Internet security across the country."

Updated 10:30 a.m. PTwith response from Microsoft.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Roku 4: Our favorite TV streaming system gets 4K video and a remote locator

Ever lose your remote in the couch cushions? Ever wish you could stream 4K Netflix without having to use your TV's built-in app? Roku's new high-end player, the $129 Roku 4, brings these new extras to its best-in-class streaming ecosystem.

by David Katzmaier