Chinese “Evil Shadow” Hackers Breach and Deface Microsoft Store India
The Chinese Evil Shadow hacker collective managed to breach the official Indian Microsoft Store (microsoftstore.co.in), defacing it and leaking data from their databases.
On the team’s blog the hackers reveal their intentions for targeting a Microsoft website.
First of all, they say that they did it for the fame. While they don’t always like to be in the center of attention, it’s their belief that these high-profile operations are sometimes necessary.
Furthermore, they claim that the website was defaced to attract Microsoft’s attention on the issue, which it did, considering that the website is currently down for maintenance.
Another reason for which the site got hacked was to steal data. Unfortunately, it turns out that the online shop kept a large part of the data, including passwords, in clear-text, a practice that proved itself to be very dangerous for sites that store sensitive information.
“The data is very important. Any security enthusiasts are interested in the data. We have made some of the data from the Microsoft India Mall, this behavior is designed to showcase that even Microsoft-owned stores will also use clear text passwords. Data has no value in China,” reads a translation of their statement.
The Verge points out that the site is not run by Microsoft, instead it’s owned by an Indian organization called Quasar Media that was appointed by the Redmond company to maintain and operate the store.
In the meanwhile, until the site is back online and its administrators manage to patch up all the issues, users who own accounts on Microsoft Store India are advised to change their passwords and be on the lookout for any malicious emails that may land in their inboxes in the upcoming days.
It’s a known fact that after such incidents cybercriminals might launch phishing campaigns, trying to dupe unsuspecting users into providing sensitive information.
First of all, they say that they did it for the fame. While they don’t always like to be in the center of attention, it’s their belief that these high-profile operations are sometimes necessary.
Furthermore, they claim that the website was defaced to attract Microsoft’s attention on the issue, which it did, considering that the website is currently down for maintenance.
Another reason for which the site got hacked was to steal data. Unfortunately, it turns out that the online shop kept a large part of the data, including passwords, in clear-text, a practice that proved itself to be very dangerous for sites that store sensitive information.
“The data is very important. Any security enthusiasts are interested in the data. We have made some of the data from the Microsoft India Mall, this behavior is designed to showcase that even Microsoft-owned stores will also use clear text passwords. Data has no value in China,” reads a translation of their statement.
The Verge points out that the site is not run by Microsoft, instead it’s owned by an Indian organization called Quasar Media that was appointed by the Redmond company to maintain and operate the store.
In the meanwhile, until the site is back online and its administrators manage to patch up all the issues, users who own accounts on Microsoft Store India are advised to change their passwords and be on the lookout for any malicious emails that may land in their inboxes in the upcoming days.
It’s a known fact that after such incidents cybercriminals might launch phishing campaigns, trying to dupe unsuspecting users into providing sensitive information.
Source:Softpedia
Translation from Blog:
Yes, the occurrence of anything will cause comment, there are good comments and bad comments.
Microsoft India, stores were black, we also accept reviews of all aspects of (sound). We are starting to see the comments, we need to do some explanations for these comments. Note, however, will no longer be explained.
(1) to be famous?
We are a low-key, as Ancker said, "Not everybody can keep a low profile, the premise of keeping a low profile at all times a high-profile up." We need a low-key, but we will high-profile. All along, we condemn the guy, to modify the home page and in our in-house, if you see who modified the others home page, will be a serious warning, because it seemed too low-level.
We are not famous, we know that the real master in civil society, a more powerful role. However, we modify the Microsoft Home of the Indian stores, this time our high-profile. We have deliberately marked the Chinese national flag, we come from China. Modify the home page is more powerful Microsoft aware of this issue. In fact, in the process to modify the home page, we encountered some resistance, but were eventually overcome.
Those who say that for well-known, first of all motives, it may be jealousy, or posturing, overstating their own. Like standing on a high angle to look at this thing. Before you use your pencil, please consider your character.
(2) to steal data
The data is very important. Any security enthusiasts are interested in the data. We have made some of the data from the Microsoft India Mall, this behavior is designed to showcase Even Microsoft-owned stores will also use clear text passwords. Data no more value in China.
(3) Purpose
Doing everything needs a purpose? Keep you think about it slowly.
An organization set up, really need to experience something. This time from the original internal group a name.
Microsoft India, stores were black, we also accept reviews of all aspects of (sound). We are starting to see the comments, we need to do some explanations for these comments. Note, however, will no longer be explained.
(1) to be famous?
We are a low-key, as Ancker said, "Not everybody can keep a low profile, the premise of keeping a low profile at all times a high-profile up." We need a low-key, but we will high-profile. All along, we condemn the guy, to modify the home page and in our in-house, if you see who modified the others home page, will be a serious warning, because it seemed too low-level.
We are not famous, we know that the real master in civil society, a more powerful role. However, we modify the Microsoft Home of the Indian stores, this time our high-profile. We have deliberately marked the Chinese national flag, we come from China. Modify the home page is more powerful Microsoft aware of this issue. In fact, in the process to modify the home page, we encountered some resistance, but were eventually overcome.
Those who say that for well-known, first of all motives, it may be jealousy, or posturing, overstating their own. Like standing on a high angle to look at this thing. Before you use your pencil, please consider your character.
(2) to steal data
The data is very important. Any security enthusiasts are interested in the data. We have made some of the data from the Microsoft India Mall, this behavior is designed to showcase Even Microsoft-owned stores will also use clear text passwords. Data no more value in China.
(3) Purpose
Doing everything needs a purpose? Keep you think about it slowly.
An organization set up, really need to experience something. This time from the original internal group a name.