Hacked Microsoft online store saved passwords in plain text

Credit: flickr/Arenamontanus

Getting hacked is not good. Getting hacked then outed for keeping customer passwords in plain text is an epic not good.

That's the lesson learned by Microsoft and their online store in India, allegedly hacked by the Chinese Evil Shadow Team. Actually owned by an Indian company by the name of Quasar Media, the Microsoft store remains offline at this writing, indicating the legit owners once again have some control.

While the usernames and passwords, in plain text, were no doubt taken, the hacker group's goal may not be theft. Declaring that the "unsafe system will be baptized," the group left the famous Guy Fawkes mask on the site's front page.

Punishment needed

jailtime please, so sick of hackers

Windshield on theverge.com

Disclaimer: I used to work for Microsoft. I think Microsoft needs to take a ton of heat for this one.

sriramk on news.ycombinator.com

Certainly in the UK at least, and Im sure most of the world, Organisations that hold sensitive electronic data have a LEGAL obligation to protect that data.

wmp_surur on endgadget.com

If it was an MS store, then it's their fault. The store was branded with the MS brand in order to convey to consumers that the store could be trusted.

CoffeeDregs on news.ycombinator.com

Hacker arguments

I'm not saying what they did was right, but the fact that they stored this information in plain text is just a blatant lack of caring on Microsoft's part.

Matt Cotsones on endgadget.com

They were trying to expose unsafe systems much like Anonymous.

Danhese007 on theverge.com

Advice for both parties

Hey hackers why not hack into something like Al Qaeda or other terrorist exchange forum and let people know when they plan to blow s**t up and kill people?

Arkweld on endgadget.com

Using clear text password is indefensible – but I don’t think this is a branch of Microsoft as they would be using Live ID’s

RoboTone on theverge.com

At least 90% of the people I meet (at least here in Bangalore) would store passwords in clear text and not know why this is a bad thing.

jeswin on news.ycombinator.com

Doesn't Microsoft oversee contractors? Are contractors not required to follow Microsoft programming practices and security guidelines?

Top 10 Hot Internet of Things Startups
Join the discussion
Be the first to comment on this article. Our Commenting Policies