Following the hacking of Microsoft's India Store by Chinese group Evil Shadow, the company has sent an advisory e-mail to registered users asking them to keep track of their credit card accounts for any unusual activity, admitting that Financial information could have been compromised during the attack. The company has also set up a helpline for customers where they can call between 9 a.m. and 9 p.m. at 1-800-102-1100. This looks like a serious security oversight on the part of Microsoft and e-solutions provider Quasar Media, which was appointed by Microsoft India to own, maintain and operate the online store. It appears that the site was not just storing user credentials in plain text, but also storing credit card data, which is usually exchanged over a secure payment gateway. It also might be the case that there was a breach at the payment gateway integration level, or the company has detected some holes. Nikhil adds: Given the number of instances of hacking of websites - especially financial websites - that have been made public in the last year itself, it's surprising that Microsoft continued to store passwords as plain text, and retained credit card information. This incident should serve as a warning to both consumers and e-commerce players. There should be mandatory disclosure from e-commerce companies about the kind of user information they collect and store, and processes by which users can delete their information. * Here is the text of the e-mail from Microsoft: In a previous email on Feb. 12, 2012, we notified…
- Net neutrality rules set to be reintroduced in the US September 28, 2023
- Fact Check Amendment Makes Platforms Judge Whether to Take Content Down: Lawyers Argue Before Bombay HC September 28, 2023
- Epic Games appeals Apple App Store verdict at US Supreme Court September 28, 2023
- Writers Guild of America succeeds at limiting the use of AI in film and TV writing September 28, 2023
- Special Newsletter: MarketsNama – September Edition September 28, 2023
MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.
Factors like Indus not charging developers any commission for in-app payments and antitrust orders issued by India's competition regulator against Google could contribute to...
Is open-sourcing of AI, and the use cases that come with it, a good starting point to discuss the responsibility and liability of AI?...
RBI Deputy Governor Rabi Shankar called for self-regulation in the fintech sector, but here's why we disagree with his stance.
Straw man fallacy: IT Ministers’ defence of government exemptions in data protection law misses the point
Both the IT Minister and the IT Minister of State have chosen to avoid the actual concerns raised, and have instead defended against lesser...
The Central Board of Film Certification found power outside the Cinematograph Act and came to be known as the Censor Board. Are OTT self-regulating...
Please subscribe to MediaNama. Don't share prints and PDFs.
You May Also Like
Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...
135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...
Twitter takes down tweets from MP, MLA, editor criticising handling of pandemic upon government request
By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...