(Image source: The Verge)



BY EVAN THOMAS

 

ANCHOR CHRISTINA HARTMAN

 


If you’ve ever done some shopping at Microsoft’s India website, it’s time to change your password. The site was hacked over the weekend, and now login info and email addresses are floating around in the wild — without any sort of encryption.

Windows Phone Sauce reports hackers calling themselves Evil Shadow Team defaced the site. Instead of the Microsoft store, visitors got a familiar image of someone in a Guy Fawkes mask.

That image has since been replaced with a standard ‘we’re down’ message, but VentureBeat says the damage is much more than simply cosmetic.

“Screenshots potentially showing information from the database have been released by the Chinese site HackTeach... HackTeach is also reporting that the passwords were unsecured and saved in plain text, which if true, would be a shocking security blunder on Microsoft’s part.”

In an image released by HackTeach, usernames and passwords are associated with email addresses, which could spell bad news for anyone who uses the same password in more than one place. But as The Verge points out, Microsoft isn’t directly responsible for the breach.

“As some commenters have pointed out, it's worth noting that Microsoft Store India is not run by Microsoft. As the site's Terms of Use say, the store is owned and operated by an Indian company named Quasar Media, which has been ‘appointed by Microsoft to own, maintain and operate the online store.’”

But Microsoft does appear to be taking this seriously. Boy Genius Report quotes a mass email Microsoft sent to compromised users, with what good news there is.

“We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.”

The email says Microsoft is “working to remedy the issue,”  but so far there’s no explanation from Microsoft or Quasar Media as to why login info wasn’t encrypted.

Microsoft India Hacked, Passwords Compromised

by
0
Transcript
Feb 13, 2012

Microsoft India Hacked, Passwords Compromised

(Image source: The Verge)



BY EVAN THOMAS

 

ANCHOR CHRISTINA HARTMAN

 


If you’ve ever done some shopping at Microsoft’s India website, it’s time to change your password. The site was hacked over the weekend, and now login info and email addresses are floating around in the wild — without any sort of encryption.

Windows Phone Sauce reports hackers calling themselves Evil Shadow Team defaced the site. Instead of the Microsoft store, visitors got a familiar image of someone in a Guy Fawkes mask.

That image has since been replaced with a standard ‘we’re down’ message, but VentureBeat says the damage is much more than simply cosmetic.

“Screenshots potentially showing information from the database have been released by the Chinese site HackTeach... HackTeach is also reporting that the passwords were unsecured and saved in plain text, which if true, would be a shocking security blunder on Microsoft’s part.”

In an image released by HackTeach, usernames and passwords are associated with email addresses, which could spell bad news for anyone who uses the same password in more than one place. But as The Verge points out, Microsoft isn’t directly responsible for the breach.

“As some commenters have pointed out, it's worth noting that Microsoft Store India is not run by Microsoft. As the site's Terms of Use say, the store is owned and operated by an Indian company named Quasar Media, which has been ‘appointed by Microsoft to own, maintain and operate the online store.’”

But Microsoft does appear to be taking this seriously. Boy Genius Report quotes a mass email Microsoft sent to compromised users, with what good news there is.

“We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.”

The email says Microsoft is “working to remedy the issue,”  but so far there’s no explanation from Microsoft or Quasar Media as to why login info wasn’t encrypted.

View More
Comments
Newsy
www1