Much of the data was stored in clear-text, including passwords
The Chinese Evil Shadow hacker collective managed to breach the official Indian Microsoft Store (microsoftstore.co.in), defacing it and leaking data from their databases.On the team’s blog the hackers reveal their intentions for targeting a Microsoft website.
First of all, they say that they did it for the fame. While they don’t always like to be in the center of attention, it’s their belief that these high-profile operations are sometimes necessary.
Furthermore, they claim that the website was defaced to attract Microsoft’s attention on the issue, which it did, considering that the website is currently down for maintenance.
Another reason for which the site got hacked was to steal data. Unfortunately, it turns out that the online shop kept a large part of the data, including passwords, in clear-text, a practice that proved itself to be very dangerous for sites that store sensitive information.
“The data is very important. Any security enthusiasts are interested in the data. We have made some of the data from the Microsoft India Mall, this behavior is designed to showcase that even Microsoft-owned stores will also use clear text passwords. Data has no value in China,” reads a translation of their statement.
The Verge points out that the site is not run by Microsoft, instead it’s owned by an Indian organization called Quasar Media that was appointed by the Redmond company to maintain and operate the store.
In the meanwhile, until the site is back online and its administrators manage to patch up all the issues, users who own accounts on Microsoft Store India are advised to change their passwords and be on the lookout for any malicious emails that may land in their inboxes in the upcoming days.
It’s a known fact that after such incidents cybercriminals might launch phishing campaigns, trying to dupe unsuspecting users into providing sensitive information.