Microsoft Store India site has been compromised by EvilShadow, a Chinese group yesterday. The hackers defaced the site and linked their blog along with email id.
Microsoft took this situation very seriously and put the site down for now, the hackers placed a picture of the Guy Fawkes mask that is often used by Anonymous hacker group who are known for their high profile hacking activities.
Many sources claim that hackers had access to the database and a list of usernames and passwords have been released. But the shame is that Microsoft saved user accounts password in plain text format.
Today Microsoft has sent email to users, requesting to change their passwords immediately. Here is excerpt of email:
We are writing to inform you that there may have been unauthorized access to some of your customer account information on Microsoft Store India. We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.
It would be wrong to say its Microsoft fault. Because the site was maintained by an Indian company named Quasar Media. And now Microsoft has got control on site working to restore access as quickly as possible.