In an unfortunate reversal of its initial statement following the hacker infiltration of Microsoft Store India earlier this month, Microsoft is now admitting that the financial information of its customers may have been compromised along with the usernames and passwords it previously confirmed were accessed. The store has remained offline ever since the February 12th attack, which Chinese hacker group Evil Shadow Team has claimed responsibility for. Wall Street Journal reporter Amit Agarwal wrote on his personal blog that Microsoft has now emailed its India store customers and advised them to keep vigilant watch over credit card activity and also contact their card provider to warn of the possibility of unauthorized use. Further, Microsoft has established a hotline (1-800-102-1100) for consumers with questions or concerns about the situation.
The prevailing belief is that lackadaisical security measures used by Quasar Media — an outside contractor appointed to operate Microsoft Store India — are responsible for the breach. The company allegedly stored the sensitive information of users in a plain text format highly susceptible to hackers. While it's good to see Microsoft taking steps to assist customers impacted by the glaring vulnerability, we hope to hear more about how Redmond plans to avert such disasters in the future.