Microsoft Store India has been hacked, by a group calling itself Chinese Evil Shadow Team. The site is not run by Microsoft, but Quasar Media, an Indian company responsible for its maintenance and operation.
At the time of writing, the website is still down. The hackers have also leaked Microsoft Store India member’s usernames and passwords, which horrifically enough, were stored in plain text.
The Chinese Evil Shadow Team is apparently a two-man team, who also managed to upload a page to deface the site, as seen below.
Microsoft India has confirmed the attack, and sent out precautionary emails to members. The company reassured users that credit card details and payment information databases were not affected, however, other data may have been exposed, such as order details, and shipping addresses, apart from usernames, e-mail addresses, and passwords.
The company has asked users using the same e-mail and password combinations on any other sites to “proactively change the password immediately.” Microsoft Store India will be sending an email with a temporary password and a prompt to create a new password. Users who receive the e-mail are requested to immediately create a new password.
“Microsoft Store takes this situation very seriously, and the company is diligently working to remedy the issue and keep our customers protected.”