Breaking: Microsoft Store India has been hacked! (Update: Database hacked, Passwords exposed)

by on February 12, 2012 with 28 Comments in Microsoft , news

We just got tipped by Aman that Microsoft India store has been hacked. I just checked it a minute back and he was right. It has been hacked. This is the homepage at this moment (10:00 PM IST):

 

As you can see from the image above, it has been hacked by EvilShadow team – 7z1&Ancker. From the tiny little flag and blog links, it looks like the hackers are from China. Their motivation is unknown at this point.

From 7z1′s blog:

 ”Do not explain, line and over ~ 

The reason for this hack hasn’t been stated but they have managed to upload a file called evil.html which says “Unsafe system will be baptized”.
Also worth noting is that you can browse the rest of the website by going to their category directly.
Stay tuned, we’ll keep you update on this and will get Microsoft’s word on this.
Update: This is huge guys. This is terrible news. Database of MS Store India has been exploited as well and the worst has happened. The passwords were saved in plain text. Yes, the scale of damage is far more than we initially assumed.
Read more in detail here : hackteach
(image has been removed, sorry for the delay.)

Note – If you have registered at Microsoft India Store at any point of time, I strongly urge you to change your password right now. It’s extremely crucial you do that right away.

Update 2: Looks like Microsoft is back in control of the website. It’s up and running, displaying the following message:

The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.

 

464 days ago by in Microsoft , news | You can follow any responses to this entry through the RSS feed. You can leave a response, or trackback from your own site.
About the

20. Bhopal. Engineering ( IT ) student. Runs @wpsauce Follow my ramblings on Twitter: @weemundo

Related Posts

  • http://twitter.com/Nirmitk26 Nirmit Kavaiya

    NO!!

  • Khamidov Timur

    Really bad news! Hacked by no reason. Moron!

    • Sirdov

      What do you mean “hacked by no reason”? Anyone who stores passwords in clear text deserves to have that portion of the DB exposed.

      • Anonymous

        Yes, because the customers who are unaware that their passwords are stored in plain text deserve to be inconvenienced by having them exposed and then having to change their password at every login where they’ve used that particular password.

        Do you think before you comment ?

        • Dev

          Very Good LJ its due to people like in this world the hackers are alive !!!

          • Ftg

            are u fool

      • http://pulse.yahoo.com/_ATBRIZVHXYYYUFS5FIP3X7XWQI Laffen

        You sir are so correct!

  • Guest2009

    This website is managed by Quasar Media, not by Microsoft.

    • http://sathyabh.at SathyaBhat

      Does it matter? Ultimately, it’s MSFT store, not Quasar Media store.

    • Kiran

      Does it really matter ? Who are you. ? A PR agent for Microsoft ? 

      • Dev

        Kiran i think must think what you saying

  • Anonymous

    Probably would have been a good idea if they’d blocked out the passwords as well as the email addresses. Folks sometimes use the same passwords on more than one site. With some of those email addresses, you can tell that they’re using their first/last name +the  domain as their email. Add the password and you’ve got an instant login for other sites.

    Not cool.

  • Guest

    Dont you think you should blur out the personal details in the image?

    • http://www.wpsauce.com weemundo

      Image has been removed. Sorry for the delay!

  • http://www.hitgrove.net/ Hitgrove

    that’s really shit…. :( :( :( 

  • Anonymous

    撸过~~

  • Fffa

    Somebody’s going to have a nice case of the Mondays tomorrow

  • Girivvveera

    can u hide the last snapshot where the username is either firstname or lastname and domain name visible

    • http://www.wpsauce.com weemundo

      Image has been removed. Sorry for the delay!

  • http://hardwarebbq.com/ The Sorcerer

    Strange but nothing nothing new. Sony playstation stores such info in plain text format before. Microsoft India has done the same. When will they ever learn?

    Now, public will think: If microsoft India is storing passwords in such unsecured manner, what about online retail stores like flipkart.

  • http://www.desiedition.com/ Raz

    kewl.. exposing the loop holes of Microsoft.. :D

  • http://www.facebook.com/profile.php?id=100000084388461 Francis Joseph

    Intentional sabotage by the programmer? Or outsourced to just mediocre programmers?

    • http://www.wpsauce.com weemundo

      Outsourcing to mediocre programmers is what I suspect is the cause of all this.  

  • Sharad Meghnathi

    “Passwords are store in plain text”…. In which century they are living????

  • http://www.r-gate.net/ Mohamed Tair

    that’s really shit.

  • Rarchi3476

    hahahahaha im glad to listen this.. I Work for Microsoft and still couldnt blve.. nyways Nic one

  • Gone

    BAHAHAHAHAHA!

  • Anonymous

    they used microsoft windows to hack microsoft. Awwsome~~!!!

  • subscribers
    1000

  • &

Popular New Posts

Sponsored Applications


Car Scar icon


Want to get your application featured here? Let us know
http://wpsauce.com/contact