Feeds

Microsoft 'fesses credit cards exposed by Indian store hack

U-turn leaves punters in hot pickle

3 Big data security analytics techniques

Microsoft India has warned customers of its online store that their financial details may have been compromised, backtracking on a previous statement to the contrary.

Chinese hackers, apparently members of a group known as Evil Shadow Team, were thought to have breached Microsoft’s systems earlier this month, defacing the Microsoft India Store with a V for Vendetta image and the bizarre message: “Unsafe system will be baptized.”

The website was taken offline and remains inaccessible to this day, with a holding page claiming “Microsoft is working to restore access as quickly as possible”.

Speculation was rife at the time that Quasar Media, the digital media contractor Microsoft used to manage the site, had stored credit card info in plain-text format in a backend database, putting it at extreme risk of capture by the hackers.

However, Microsoft moved quickly to quash such rumours, claiming that “databases storing credit card details and payment information were not affected during this compromise”.

In time honoured fashion, however, Redmond has now been forced to admit that this prognosis may have been a little over-hasty, and optimistic, according to Wall Street Journal India blogger and Microsoft customer, Amit Agarwal.

The new statement sent to customers via email from Microsoft India general manager Chakrapani Gollapali reads:

Further detailed investigation and review of data provided by the website operator revealed that financial information may have been exposed for some Microsoft Store India customers.

Redmond has set up a helpline - never a good sign - and asked any customers who have used their cards on the site to contact their provider as their details may have been exposed.

The Reg reached out to Microsoft to get confirmation of the email seen by Agarwal but without success so far. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.