Microsoft has warned customers that their financial data such as credit card information may have been compromised by hackers who attacked the company’s online store in India earlier this month.
The company had earlier described the hack, in which user names and passwords had been leaked, as a “limited compromise”. The site which is run by a third-party service provider has been criticized for bad security practices, such as saving data in plain text.
The store, which was defaced by hackers who claimed to be Chinese, is still unavailable. The hackers also released images of what appeared to be lists of users’ names and passwords.
“Upon further detailed investigation of the third-party service provider managing Microsoft Store India, Microsoft has determined that financial information may have been exposed for some online store customers,” the company said in a statement on Tuesday. “We have notified all potentially impacted customers and have provided additional guidance and resources to help protect their accounts,” it added.
India has long-standing border disputes with China and Pakistan, and the friction is reflected on social networks, and in hacks of websites on both sides of the borders, including a high-profile hack of the website of India’s Central Bureau of Investigation.
The hackers of the Microsoft website, who called themselves EvilShadow Team, said they wanted to get attention from Microsoft, and put up an image of China’s flag on the altered main page.
John Ribeiro covers outsourcing and general technology breaking news from India for The IDG News Service. Follow John on Twitter at @Johnribeiro. John’s e-mail address is john_ribeiro@idg.com