Microsoft India’s online store has been hacked and defaced! Although it was possible to browse individual items, the home page displayed the following message.
The credit for the hack has been taken by the EvilShadow, apparently a Chinese group, and the defaced home page displayed links to the hackers blogs as well as their email ID’s.
A new URL /evil.html was created and displayed the following message:
It looks like even the Microsoft Store India database and passwords have been compromised. You can see more such images at HackTeach.
Microsoft appears to have responded quickly and taken the site down, and as of now, MicrosoftStore.co.in seems to be offline.
UPDATE: They have also shot out an email to all, requesting users to change their passwords immediately.
We are writing to inform you that there may have been unauthorized access to some of your customer account information on Microsoft Store India. We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.
Microsoft Store takes this situation very seriously, and the company is diligently working to remedy the issue and keep our customers protected. We need your help in this regard and we ask that you please take the following steps to prohibit any further unauthorized access to your information.
Precautions You Should Take
In order to secure your account information, Microsoft Store will take the action to re-set your password. Please follow these steps to ensure your privacy is protected:
1. If you use the same e-mail and password combination on any other sites, including non-Microsoft websites or services, you should proactively change the password immediately to ensure your personal information is protected.
2. You will receive an e-mail with a temporary password and a prompt to create a new password. Please note, the password reset relates only to Microsoft Store India.
3. Once you receive the e-mail you should immediately create a new password, one that is both secure and familiar to you.
It might therefore be good idea to change your password as soon as posible.
