Microsoft's India store hacked, usernames & passwords stolen

Discussion in 'Members Corner' started by Oracle, Feb 13, 2012.

  1. Oracle

    Oracle New Member

    Joined:
    Mar 31, 2010
    Messages:
    8,120
    Likes Received:
    1,541
    Location:
    Bangalore, India
    NEW DELHI: Hackers, allegedly belonging to a Chinese group called Evil Shadow Team, struck at Microsoft Store on Sunday night, stealing login ids and passwords of people who had used the website for shopping Microsoft products.

    While it is troublesome that hackers were able to breach security at a website owned by one of the biggest IT companies in the world, it is more alarming that user details - login ids and passwords - were reportedly stored in a plain text file, without any encryption.

    Following the hack, the members of Evil Shadow Team posted a message on the Microsoft website saying "unsafe system will be baptized". The story was first reported by Windows Phone Sauce.

    Later, the website seemed to have been taken offline by Microsoft. We advise the users at Microsoft India Store to change the password as soon as the website comes online. Also, if they have used the same password or login id on any other web service, they should change it immediately.

    Last year, hacker groups like Lulzsec had carried out several high-profile break-ins, putting focus on the security measures companies put in place. Sony allegedly suffered several security breaches and hackers stole user ids and passwords of customers from its network.

    In a message posted on a website called Pastebin, Lulzsec claimed the group was bringing attention to the web security. "Do you think every hacker announces everything they've hacked? We certainly haven't, and we're damn sure others are playing the silent game. Do you feel safe with your Facebook accounts, your Google Mail accounts, your Skype accounts? What makes you think a hacker isn't silently sitting inside all of these right now," the group wrote.

    But the incident at Microsoft Store on Sunday hints that lessons have not been learnt. Just like Sony, which later revealed that user ids and passwords were not encrypted at the time of security breach, Microsoft too seemed to have been casual about handling the user details by storing them in a plain text file. We have contacted Microsoft but the company has so far not acknowledged or commented on the security breach.

    TOI
     
  3. Ray

    Ray The Chairman Defence Professionals Moderator

    Joined:
    Apr 17, 2009
    Messages:
    43,118
    Likes Received:
    23,545
    Location:
    Somewhere
    Nothing is safe in cyberspace, it appears.

    New ideas to ensure one is safe have to be devised.

    What are they?
     
  4. Oracle

    Oracle New Member

    Sir, these things are made by humans. So, they are error prone. Nothing can be 100% bug free. With time, things would evolve, gaps would be filled, and so would new weaknesses be discovered.
     
  5. pmaitra

    pmaitra Moderator Moderator

    Joined:
    Mar 10, 2009
    Messages:
    31,650
    Likes Received:
    17,146
    Location:
    EST, USA
  6. Ray

    Ray The Chairman Defence Professionals Moderator

    That is why I am so chary of all these Online issues.

    Online is convenient, but then you can be had!

    Even when I donated, I did not use Paypal and instead sent a cheque!
     
  7. Illusive

    Illusive Senior Member Senior Member

    Joined:
    Jun 20, 2010
    Messages:
    2,335
    Likes Received:
    1,418
    Last edited: Feb 13, 2012
  8. Oracle

    Oracle New Member

    :lol:

    I am also wary, however I take cyber security very seriously. I always buy the latest Internet Security, and update it every day. Do regular scans. Never buy cracked/duplicate Internet Security software. I recommend Kaspersky. I have been using it for the last 5 years.

    Also, there are many websites (mostly Chinese), which, when you open them in your browser, automatically inject malicious code onto your machine. These latest tricks are not detected by anti-viruses, because security researchers don't know about them yet, and as such solutions for the latest viruses and worms are absent from the signature database of the security software we use. The first couple of victims are the worst hit, until security companies release tools/updates to counter the latest threats.

    Also, do not use Microsoft's Internet Explorer. It is so buggy, even bugs hate it. Use other browsers like Google Chrome, Firefox.

    Also, never use software/applications downloaded from torrents with cracks, serial keys. There is nothing called a free lunch and most of them come bundled with trojans and sniffers. Use a genuine, licensed version of the OS, not a pirated one.

    If we do the above things, we can mitigate the risks to a great extent.
     
  9. Bangalorean

    Bangalorean Stars and Ambassadors Stars and Ambassadors

    Joined:
    Nov 28, 2010
    Messages:
    6,207
    Likes Received:
    6,497
    Sir, I disagree that nothing is safe in cyberspace. I do almost all my financial transactions electronically, and I have never been had even once. Out of my salary, more than 90% of the expenditure is electronic, less than 10% cash.

    I pay my EMIs via internet banking, pay for my shopping by credit cards whenever I can, buy stuff online via credit cards, pay my credit card bills online via netbanking, pay my phone bill online, etc. etc. etc. Almost everything is electronic. I need to go to the ATM just once a month, sometimes even less.

    Most people don't know how secure the internet actually is. When you use the card for online purchases, the OTP (one time password) functionality makes it almost bulletproof security. One would need to have possession of your credit card numbers (including the CVV number), your mobile phone, and receive the incoming SMS with the one-time-password - only then will one be able to misuse your credit card online.

    People who are afraid of online transactions don't know how much convenience and ease they are missing. Oracle has provided some good guidelines to stay safe on the internet. In general, do not download stuff from shady websites like torrent sites, etc. Do not click porn links in spam emails. Those who watch porn, stick to the selected well-known porn sites - don't trawl unknown sites on the internet for porn. Spend on a good antivirus and cyber security software.

    BTW, I donated via netbanking - extremely secure. But then, the real problem is with humans, not with technology.... :tsk:
     
  10. peacecracker

    peacecracker Regular Member

    Joined:
    Jun 16, 2009
    Messages:
    292
    Likes Received:
    40
    Location:
    India
