wordpress blog stats
Connect with us

Hi, what are you looking for?

Credit Card Info May Have Been Exposed In Microsoft India Store Hacking

Following the hacking of Microsoft’s India Store by Chinese group Evil Shadow, the company has sent an advisory e-mail to registered users asking them to keep track of their credit card accounts for any unusual activity, admitting that Financial information could have been compromised during the attack. The company has also set up a helpline for customers where they can call between 9 a.m. and 9 p.m. at 1-800-102-1100.

This looks like a serious security oversight on the part of Microsoft and e-solutions provider Quasar Media, which was appointed by Microsoft India to own, maintain and operate the online store. It appears that the site was not just storing user credentials in plain text, but also storing credit card data, which is usually exchanged over a secure payment gateway. It also might be the case that there was a breach at the payment gateway integration level, or the company has detected some holes.

Nikhil adds: Given the number of instances of hacking of websites – especially financial websites – that have been made public in the last year itself, it’s surprising that Microsoft continued to store passwords as plain text, and retained credit card information. This incident should serve as a warning to both consumers and e-commerce players. There should be mandatory disclosure from e-commerce companies about the kind of user information they collect and store, and processes by which users can delete their information.


Here is the text of the e-mail from Microsoft:

In a previous email on Feb. 12, 2012, we notified you there may have been unauthorized access to some of your customer account information on the Microsoft Store India site (http://www.microsoftstore.co.in) operated by a third party. We suggested you reset your password, among other security precautions, and to contact us with further questions.

Further detailed investigation and review of data provided by the website operator revealed that financial information may have been exposed for some Microsoft Store India customers. So, as an additional precaution, if you used a credit card on the Microsoft Store India website, we recommend the following actions:
Contact your credit card provider and alert them to potential unauthorized access to your account information.
Closely monitor and review your credit card account for abnormal activity, and if seen, immediately contact your credit card provider.
Microsoft is committed to protecting customer privacy and takes this situation very seriously. We understand that you may have additional questions, so we have set up a team of specialists to address any of your concerns. Please call them between 9 a.m. and 9 p.m. at 1-800-102-1100.

Thank you,
Chakrapani Gollapali
General Manager, Microsoft India

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like


Senior journalist and news anchor Nidhi Razdan was all set to start teaching at Harvard University this year. But it turns out she appears...


The chipmaker Intel has now launched a facial recognition solution, which the company says will work with smart locks, access control, point-of-sale devices, ATMs...


The Delhi High Court on Monday refused to stop Amazon from pushing regulators to stop the sale of the Future Group’s businesses to Reliance...


Pine Labs has raised around $100 million in fresh funds from Lone Pine Capital, a hedge fund based in the United States, at a...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to Daily Newsletter

    © 2008-2018 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ