Tuesday, 28 February 2012

Microsoft: Credit Card Data Possibly Stolen from India Store |Technology News

After the official Microsoft Store in India was breached, the Redmond company issued a statement to reassure customers that the hackers didn’t gain access to credit card information. In a second email sent to clients, the company admitted that financial information may have been exposed.

According to Amit Agarwal’s Digital Inspiration blog, Microsoft sent out the second series of emails on February 27, advising Microsoft Store India customers to sign up for credit monitoring services to avoid any unfortunate incidents.

“Further detailed investigation and review of data provided by the website operator revealed that financial information may have been exposed for some Microsoft Store India customers,” reads Microsoft’s second letter to customers.

It’s believed that Quasar Media, the organization in charge of administrating the Microsoft Store, neglected to encrypt the sensitive information, allowing Chinese Evil Shadow hackers to easily gain access to the information.

The fact that the store recorded all the data in clear text was also revealed by the hacker at the time of the incident.

“The data is very important. Any security enthusiasts are interested in the data. We have made some of the data from the Microsoft India Mall, this behavior is designed to showcase that even Microsoft-owned stores will also use clear text passwords. Data has no value in China,” the hackers said at the time.

7z1, one of the hackers of the Chinese hacker crew that breached the online store, told us in a recent interview that they had no intention whatsoever to use the information stored on the site’s servers for malicious purposes.

“I am not a robber, a thief. What I did with the Microsoft mall was to make sure that their security would be enhanced, I did not publish data,” he said.

At the time of writing, Microsoft’s store is still not functional, displaying the same message that was posted right after the breach occurred.

No comments:

Post a Comment