Microsoft’s India Store Hacked

Author: Tyler     02 13th, 2012 in Hacking, Microsoft     No Comments »

Microsoft's store site in India defaced; hackers find plain text passwords

Chinese hackers have managed to deface the home page of the Microsoft Store in India and have gained access to user names and passwords associated with the site on February 12. The store site, operated for Microsoft by Quasar Media, is currently offline at the time of typing this post.

 

The hackers, known as the “Evil Shadow Team,” posted a link to their weblog on the store site’s homepage as part of the defacing, along with screen shots of their defacement. The blog also included screen shots of what appears to be Windows management console access to the site itself, including internal files of the site displayed in a Microsoft Internet Information Services Manager console, as well as a view of the user profile database. The passwords for accounts were apparently stored in plain text in the database.

 

On their personal blog, the hackers admitted that they were a low-profile group and not masters of their craft. They wrote that they were making the data available to “any security enthusiasts” and that the homepage of the store was defaced because modifying the home page was “a powerful way to make Microsoft aware” of how poor security of the site was.

 

According to a report put together by IDG’s John Ribero, Microsoft has begun an investigation, though it is calling the incident a “limited compromise” of the site. Microsoft has stated that “store customers have already been sent guidance on the issue and suggested immediate actions.”

 

Source: Ars Technica

Leave a Reply



Page in 0.416 seconds.