Bill Gates dared hackers to break into Windows 7 before it was launched. He was confident that Win7 was unbreakable. But, he never looked at his web technology that catered to millions of users who register themselves online.
Earlier this weekend, Microsoft India website was hacked black and blue by a group of Chinese hackers who call themselves – Evil Shadow Team. Unsafe system will be baptized – This message was posted for Microsoft to ponder over days to come.
Hackers were able to access usernames and passwords of users who had used Microsoft store to buy products. Although the data may be relatively non-critical, imagine the audacity of Microsoft to store this data in a plain text form. It was not encrypted! Who in the world would not store usernames and passwords encrypted? Does MS ever care about standards such as ISO27K1? I am not surprised, but rather angry. How can any of us provide any private data to Microsoft anymore? What about Microsoft products we use? How safe are they?
I am not sure if the answers to my questions would ever be answered positively by any MS official. To tell the very least, I am flabbergasted.
After the hack, came this message on MS website – We advise the users at Microsoft India Store to change the password as soon the website comes online. Also, if they have used the same password or login id on any other web service, they should change it immediately.
Microsoft has proved it time and again that they are not willing to learn. Last year, Sony website was hacked by another group of hackers. Usernames and passwords were the target then, and Sony apologized to users that they had stored usernames and passwords in an unencrypted form – plain text format. Did Microsoft learn anything from this episode and amend their loopholes? No. Will they every learn?
A MS spokesman commented – “Microsoft is investigating a limited compromise of the company’s online store in India. The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.”