Microsoft Security Oversight Leads to Website Hack

Dennis Faas's picture

Microsoft's online store in India was compromised over the weekend by a group of Chinese hackers calling themselves the "Evil Shadow Team". The hackers were able to extract user IDs and passwords of the site.

While many are questioning how the hackers were able to breach Microsoft's security system, more troublesome is the realization that the company might not have taken the proper steps to secure the credentials of their customers prior to the attack.

Reportedly, Microsoft stored both login IDs and passwords for its users in plain text files, without any encryption system in place to protect this highly sensitive information.

"Unsafe Systems" Targeted by Hackers

Ironically, poor security protection seems to be the basis for the attack in the first place.

The Evil Shadow Team posted an explanatory message on the Microsoft website claiming that "unsafe systems will be baptized". (Source:

A secondary message also popped up in the wake of the discovery, this time on a website called Pastebin. There, the hackers made known its goal of bringing international attention to the security failures of some major corporations.

This is not the first time such an attack has occurred. Last year, hacker groups like Lulzsec carried out several high profile security penetrations that highlighted weaknesses in major online entities.

And not long ago Sony suffered multiple security breaches, with hackers collecting hundreds of stolen user IDs and passwords, wreaking havoc on gamers around the world. (Source:

Compromised Microsoft Site Taken Offline

At present, the Microsoft India website seems to be shut down by Microsoft. Patrons of the site are advised to change their passwords immediately once the site reappears and reopens for business.

Experts say that using the same login ID and password on another web service would be ill-advised, and users who feel compromised should change all suspect security codes at their earliest opportunities.

Rate this article: 
No votes yet