Following the attack on Microsoft’s online store in India, in which a team of (purportedly) Chinese hackers defaced the site and stole user credentials, the company is now alerting users via email that their passwords will be automatically reset on their behalf.
According to the email, Microsoft also says the databases storing credit card details and payment information were not compromised, but customer account information, including email address, passwords, order details and shipping addresses may have been affected.
The attack, confirmed by Reuters today following this initial report, involved a group of hackers calling themselves the Evil Shadow Team. The group took the Microsoft Store website down and posted screenshots that they said were customers’ obscured usernames and passwords found unencrypted on the site. The store was maintained by an India company called Quasar Media – apparently easy target due to the way it was storing this account information in plain text.
At the time, a Microsoft spokesperson confirmed the hack via the following statement sent to Reuters:
“Microsoft is investigating a limited compromise of the company’s online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.”
Now Microsoft is alerting customers to the attack via the following email message, below:
Microsoft Store Customer Update
We are writing to inform you that there may have been unauthorized access to some of your customer account information on Microsoft Store India (http://www.microsoftstore.co.in/). We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.
Microsoft Store takes this situation very seriously, and the company is diligently working to remedy the issue and keep our customers protected. We need your help in this regard and we ask that you please take the following steps to prohibit any further unauthorized access to your information.
Precautions You Should Take
In order to secure your account information, Microsoft Store will take the action to re-set your password. Please follow these steps to ensure your privacy is protected:
1. If you use the same e-mail and password combination on any other sites, including non-Microsoft websites or services, you should proactively change the password immediately to ensure your personal information is protected.
2. You will receive an e-mail with a temporary password and a prompt to create a new password. Please note, the password reset relates only to Microsoft Store India.
3. Once you receive the e-mail you should immediately create a new password, one that is both secure and familiar to you.
Microsoft Store is Here to Help
We understand that you may have additional questions and Microsoft Store is here to help. If you have specific questions about your Microsoft Store account or want more information about computing and personal security please contact us at 1800-102-1100.
We apologize for any inconvenience this incident might cause.
Microsoft Store India
We’ve reached out to Microsoft to confirm this email’s authenticity, which is also available online here.
Thanks Amit Bhawani