Microsoft India Store was hacked earlier this month, Microsoft said at that time email addresses, passwords and shipping address of customers might have been exposed to hackers in that incident. But now it turns out that not only the above information but Credit Card details also might have been exposed.
Below is the Email excerpt sent by Microsoft India after it was hacked. Via ZDNet
We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.
Microsoft Store takes this situation very seriously, and the company is diligently working to remedy the issue and keep our customers protected.
However now Medianama reports that Microsoft sent an email again today to customers saying Credit Card information have been stolen during the hacking of its store. Below is an excerpt from the email Microsoft sent.
In a previous email on Feb. 12, 2012, we notified you there may have been unauthorized access to some of your customer account information on the Microsoft Store India site (http://www.microsoftstore.co.in) operated by a third party. We suggested you reset your password, among other security precautions, and to contact us with further questions.
Further detailed investigation and review of data provided by the website operator revealed that financial information may have been exposed for some Microsoft Store India customers.
Users who have used Microsoft India Store are advised to report this to their Credit Card provider.
Microsoft India Store website is managed by a third party provider called Quasar Media. HackTeach has published the screenshots of the hack, the screenshots reveal that user login credentials of Microsoft India Store are stored in plain text in a MS access database. This is ridiculous, who the hell is storing user passwords in plain text these days.
This is a big blow for Microsoft reputation. I know they use a third party to maintain Microsoft India Store but they should know how their customers sensitive information is handled.