A couple of days ago, a group of Chinese hackers operating under the name of Evil Shadow Team managed to take down the Indian Microsoft online store. The hackers’ spokesperson, hidden under the name 7z1 and considering himself/herself a “patriotic hacker” told Reuters that found unencrypted data on the website. The group posted on their official blog screenshots with the attacked website, but with obscured usernames and passwords of the Microsoft customers.
Microsoft replaced the hacked website with a message for the users who are informed that the site is unavailable and the problem will be fixed “as quickly as possible”. The company’s representatives explained in an official statement that “Microsoft is investigating the limited compromise of the company’s online store in India. Customers have been notified and provided with guidance to reset their passwords. We are diligently working to remedy the incident and keep our customers protected.”
Microsoft’s customers are advised to change their passwords immediately after the website becomes available since the unencrypted passwords makes vulnerable to further attacks. Also users are advised to revisit any other accounts where they used the same credentials as on the Microsoft India online store. Hackers use this stolen passwords to gain access to more vital accounts of the people who keep using the same password for multiple accounts, despite all the reports and advises on this matter.