Update: Microsoft Store India hacked
By on February 12th, 2012

Microsoft’s online storefront in India has been hacked and subsequently defaced by a Chinese hacking group that goes by the alias of EvilShadow. As of 12PM EST, visiting the website will display the message as screenshotted above. Links to the hackers’ blog have also been included, in which a post claiming responsibility for the attack can be found. With a little assistance of Google Translate, here’s what the post said:

Do not explain, line and over ~ 

Shut down the organization’s internal group (119,883,641) added directly to the channel, and security enthusiasts who are interested can send the original articles, animations, tools to the mailbox <snipped> audit the ok, was open to join.

On the “black page” — subtly labeled Evil.html — the infamous Anonymous mask can be found. Below the image is the text, “Evil Shadow Team..Unsafe system will be baptized …” along with another link to their blog.

The motives behind this hack are currently unclear, but it’s likely that it was performed as a playful challenge, and not for social or political reasons.

UPDATE: This attack is far more severe than initially imagined. As reported by HackTeach (oddly enough, it seems that images may not show in Google Chrome), the hackers managed to gain access to the database, where Microsoft carelessly stored password data in plain text.

If you had an account on microsoftstore.co.in, we urge you to change your password (or passwords, if you used the same password here on other services), as it has been compromised.

UPDATE 2: As noted by The Verge, the site is now back in the hands of  Quasar Media Pvt. Ltd. (which, as the Microsoft Store India ToS points out, is the company that Microsoft outsourced the operations of this store to.) As of 2AM EST, they are working to bring the site back up. Let’s hope that they are adding proper password hashing/SALTing this time.

Tags: , ,
Author: Paul Paliath Google Profile for Paul Paliath
I founded and regularly wrote blog posts on GeekSmack from 2008 until 2011, when I failed at running a blog. I now write about Microsoft for Techie-Buzz. When not writing blog posts, I'm usually found designing websites and learning how to code. You should follow me on Twitter here.

Paul Paliath has written and can be contacted at paul@techie-buzz.com.
  • http://www.techzek.com Divyesh

    A Big company’s webiste making big mistakes…A very bad event we have seen..

 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN