Microsoft India Store Finally Back Online!

Sushubh

Administrator
Messages
423,828
Location
Gurugram
A few of you would remember discussing this store in some older threads.

Quasar Media managed this store. And they were storing user details in text format.

And they have still not managed to get it back online.

Microsoft Store



Microsoft India Store gets hacked, passwords and usernames exposed (updated) | VentureBeat

While we can easily confirm that the site is offline, it’s more difficult to prove if the store’s username database has been hacked. Screenshots potentially showing information from the database have been released by the Chinese site HackTeach, but Microsoft has yet to confirm that the data has been compromised. HackTeach is also reporting that the passwords were unsecured and saved in plain text, which if true, would be a shocking security blunder on Microsoft’s part.
 

The Sorcerer

Newbie
Regulars
Messages
70
Too bad. They were pitching Xbox 360, Lumia 800 and some Microsoft web cam very, very seriously for a few days, only to see their site going down.
 

manu1991

Ancient Philospher
Regulars
Messages
7,334
Location
Delhi
Good lesson for using KeePass/LastPass and different passwords for all sites.
 


Sushubh

Administrator
Messages
423,828
Location
Gurugram
There is a very good possibility that Letsbuy is also storing their passwords in plain text. A friend told me that they mail you the user ID and password (in text) just after you create an account. This is a very good indication that the passwords are probably stored in plain text.
 

agantuk

Bhatakti Aatma
Regulars
Messages
6,387
A lot of sites store passwords in plain text format. A simple check would be to use the forgot password link; you will be shocked to see that sites like insurance etc. also store passwords in unencrypted format.
 


IndianMascot

Addicts
Regulars
Messages
7,371
There is a very good possibility that Letsbuy is also storing their passwords in plain text.

A friend told me that they mail you the user ID and password (in text) just after you create an account.

This is a very good indication that the passwords are probably stored in plain text.


Yes buddy, I just now checked my mail archive and found that the Welcome Mail received from Letsbuy has my password in text.
 

Sushubh

Administrator
Messages
423,828
Location
Gurugram
Just tried the password recovery option on Letsbuy and they mailed me a 'new password' in plain text. A new randomly generated password!

Two problems with this bullcrap.

1. They are likely using raw text passwords because of what we have already discussed.
2. ANYONE can reset your password ANYTIME by using your email address in their password recovery form.

Flipkart is doing it better. They send you a link, which you have to click to land on a page where you can enter your own password. They are not generating a new password and mailing it to you in plain text.
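
The reset-link flow described in the post above, sketched as an added example (not part of the original thread and not any site's actual code): passwords are kept only as salted hashes, and a reset request issues a one-time, expiring token without touching the current password. The `AccountStore` class, the 15-minute lifetime and the PBKDF2 iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60   # seconds a reset link stays valid (assumed policy)
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed)

def hash_password(password, salt=None):
    """Return (salt, digest); the plaintext password is never stored."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

class AccountStore:
    """In-memory stand-in for a user table (hypothetical)."""
    def __init__(self):
        self.users = {}   # email -> (salt, digest)
        self.resets = {}  # sha256(token) -> (email, expiry)

    def register(self, email, password):
        self.users[email] = hash_password(password)

    def verify(self, email, password):
        if email not in self.users:
            return False
        salt, digest = self.users[email]
        return hmac.compare_digest(hash_password(password, salt)[1], digest)

    def request_reset(self, email, now=None):
        """Issue a token for the emailed link; the current password is untouched."""
        if email not in self.users:
            return None  # a real site would show the same response either way
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self.resets[key] = (email, now + TOKEN_TTL)
        return token  # sent only inside the link; the store keeps just its hash

    def complete_reset(self, token, new_password, now=None):
        """Redeem the token once, before expiry, and set the user's own password."""
        now = time.time() if now is None else now
        key = hashlib.sha256(token.encode()).hexdigest()
        email, expiry = self.resets.pop(key, (None, 0))
        if email is None or now > expiry:
            return False
        self.register(email, new_password)
        return True
```

Because `request_reset` leaves the stored hash alone, someone typing another person's email address into the recovery form cannot lock them out or change their password.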
 

mehrotra.akash

Regular
Regulars
Messages
915
If a site is sending you your own password, then it's storing the passwords as text for sure.
But entering email ID and receiving a randomly generated password is not much of an issue, since your mail account is still under your control.
 

SiriusB

Torrential
Regulars
Messages
147
@chromaniac,
That is not necessarily proof that they are storing the plaintext password. They could've just used the plaintext password for the account creation email and then discarded it.

----------

BTW, did the hackers release the stolen username/password list? I might've created an account there a long time ago :(
 
