Feeds

Microsoft India web store 'hacked by Chinese group'

Evil Shadow Team pounces, claims it uncovered passwords

Providing a secure and efficient Helpdesk

Microsoft appears to have had its Indian web store broken into and user login credentials stolen by Chinese hackers.

Tech site WP Sauce reported on Sunday that the group, which goes by the name Evil Shadow Team, managed to deface the web site, posting an image of a V for Vendetta mask and the message: “Unsafe system will be baptized.”

At the time of writing the site had been taken offline, presumably while Quasar Media, the third-party digital media firm Microsoft employed to run it, figures out what went wrong.

“The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologise for any inconvenience this may have caused,” the holding page message reads.

According to multiple reports, punters' logins and passwords were also stolen by the hackers, a situation made significantly worse because Quasar apparently made the schoolboy error of storing them in plain text.

Not much is known about Evil Shadow Team, although a link posted on the defaced Microsoft Store page on Sunday takes the user to the group’s blog, written in Chinese and titled “7z1’s blog”.

Users of Microsoft Store in India have been advised to change their passwords on the site as soon as it comes back online, and to change their credentials on any other sites if they used the same ones across multiple online accounts.

Microsoft has yet to respond to a request for comment. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.