Following the attack on Microsoft’s online store in India, in which a team of (purportedly) Chinese hackers defaced the site and stole user credentials, the company is now alerting users via email that their passwords will be automatically reset on their behalf.
The attack, confirmed by Reuters today following this initial report, involved a group of hackers calling themselves the Evil Shadow Team. The group took the Microsoft Store website down and posted screenshots that they said were customers’ obscured usernames and passwords found unencrypted on the site. The store was maintained by an India company called Quasar Media – apparently easy target due to the way it was storing this account information in plain text.
“Microsoft is investigating a limited compromise of the company’s online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.”