Breaking: Microsoft Store India has been hacked! (Update: Database hacked, Passwords exposed)

We just got tipped by Aman that Microsoft India store has been hacked. I just checked it a minute back and he was right. It has been hacked. This is the homepage at this moment (10:00 PM IST):


As you can see from the image above, it has been hacked by EvilShadow team – 7z1&Ancker. From the tiny little flag and blog links, it looks like the hackers are from China. Their motivation is unknown at this point.

From 7z1's blog:

“Do not explain, line and over ~

The reason for this hack hasn’t been stated but they have managed to upload a file called evil.html which says “Unsafe system will be baptized”.
Also worth noting is that you can browse the rest of the website by going to their category directly.
Stay tuned, we’ll keep you updated on this and will get Microsoft’s word on it.
Update: This is huge, guys. This is terrible news. The database of MS Store India has been exploited as well, and the worst has happened: the passwords were saved in plain text. Yes, the scale of the damage is far greater than we initially assumed.
Read more in detail here: hackteach
(image has been removed, sorry for the delay.)

Note – If you have registered at Microsoft India Store at any point of time, I strongly urge you to change your password right now. It’s extremely crucial you do that right away.

Update 2: Looks like Microsoft is back in control of the website. It’s up and running, displaying the following message:

The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.


28 thoughts on “Breaking: Microsoft Store India has been hacked! (Update: Database hacked, Passwords exposed)”

    1. What do you mean “hacked by no reason”? Anyone who stores passwords in clear text deserves to have that portion of the DB exposed.

      1. Yes, because the customers who are unaware that their passwords are stored in plain text deserve to be inconvenienced by having them exposed and then having to change their password at every login where they’ve used that particular password.

        Do you think before you comment?

  1. Probably would have been a good idea if they’d blocked out the passwords as well as the email addresses. Folks sometimes use the same passwords on more than one site. With some of those email addresses, you can tell that they’re using their first/last name + the domain as their email. Add the password and you’ve got an instant login for other sites.

    Not cool.

  2. Strange but nothing new. Sony PlayStation stored such info in plain text format before. Microsoft India has done the same. When will they ever learn?

    Now, the public will think: If Microsoft India is storing passwords in such an unsecured manner, what about online retail stores like Flipkart?
