Following the hacking of Microsoft's India Store by Chinese group Evil Shadow, the company has sent an advisory e-mail to registered users asking them to keep track of their credit card accounts for any unusual activity, admitting that Financial information could have been compromised during the attack. The company has also set up a helpline for customers where they can call between 9 a.m. and 9 p.m. at 1-800-102-1100. This looks like a serious security oversight on the part of Microsoft and e-solutions provider Quasar Media, which was appointed by Microsoft India to own, maintain and operate the online store. It appears that the site was not just storing user credentials in plain text, but also storing credit card data, which is usually exchanged over a secure payment gateway. It also might be the case that there was a breach at the payment gateway integration level, or the company has detected some holes. Nikhil adds: Given the number of instances of hacking of websites - especially financial websites - that have been made public in the last year itself, it's surprising that Microsoft continued to store passwords as plain text, and retained credit card information. This incident should serve as a warning to both consumers and e-commerce players. There should be mandatory disclosure from e-commerce companies about the kind of user information they collect and store, and processes by which users can delete their information. * Here is the text of the e-mail from Microsoft: In a previous email on Feb. 12, 2012, we notified…
