Hackers, allegedly belonging to a Chinese group called Evil Shadow Team, struck at www.microsoftstore.co.in on Sunday night, stealing login ids and passwords of people who had used the website for shopping Microsoft products.
While it is troublesome that hackers were able to breach security at a website owned by one of the biggest IT companies in the world, it is more alarming that user details – login ids and passwords – were reportedly stored in plain text file, without any encryption.
Later, the website seemed to have been taken offline by Microsoft. We advise the users at Microsoft India Store to change the password as soon the website comes online. Also, if they have used the same password or login id on any other web service, they should change it immediately.
Commenting on the security breach, a Microsoft spokesperson said, “Microsoft is investigating a limited compromise of the company’s online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.”
Source : reuters