Late Sunday reports emerged that Microsoft’s online store in India had been hacked, defaced and user information exposed including unencrypted passwords. It turns out these claims are true and while Microsoft isn’t saying much on the subject, they did comment on the issue.
“Microsoft is investigating the limited compromise of the company’s online store in India,” a Microsoft spokesperson told SecurityWeek. “Customers have been notified and provided with guidance to reset their passwords. We are diligently working to remedy the incident and keep our customers protected.”
Taking credit for the hack is “7z1&Ancker,” claiming to be part of “EvilShadow Team”. After the site was defaced with several images and pages showing that were created by the attacker, Microsoft quickly took the site offline and it currently remains unavailable. At the time of publishing the site displays the following error message: “The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused.”
The hacker also posted several images, some of which are included below.
SecurityWeek will follow-up if additional details emerge.