Microsoft’s India web store (currently down) was hacked this weekend in a move that also just revealed how vulnerable its data was.
As relayed to WPSauce, the page was originally overwritten with a page giving credit to the Chinese group Evil Shadow and merging images both of the classic Activision game Hacker and Anonymous’ well-known Guy Fawkes mask. Anonymous hasn’t taken any credit, suggesting the use of the mask was strictly an instance of riding on Anonymous’ reputation.
Further exploration by Hackteach found that the account database was not only exposed but that it had been storing passwords in plain text.
As of Sunday afternoon Eastern time, the store was inactive in what was likely a sign that Microsoft was reworking the site to plug whatever security hole had been used. In the interim, anyone who visited the store is being urged to watch their financial accounts and logins on other pages with the same password
[The Verg]
