By BS Reporter
Microsoft was in for a rude shock late Sunday night when the leading packaged software maker discovered that its Indian retail website has been hacked.
The incident has not forced the company to pull down its India site temporarily; it also gave hackers access to the password and ID of the users.
A Microsoft spokesperson, when contacted, confirmed the development.
Even so, the financial details of the users are safe, the official added. "Immediately after the report surfaced, our technical team swung into action and informed the users to change their password. So, their financial details such as credit card number and other details are safe."
In an e-mail statement, Microsoft said the company was investigating the limited compromise of the company's online store in India. "Customers have been notified and provided with guidance to reset their passwords. We are diligently working to remedy the incident and keep our customers protected," the statement added.
Microsoft Store India is not run by Microsoft, but by an Indian vendor called Quasar Media. Microsoft is yet to confirm how the hackers broke into their system.
This is the latest case of website hacking in the country. According to the data with CERT-IN, which is the national nodal agency for responding to computer security incidents, as many as 1,425 websites were defaced in India last month alone. Last year even saw the website of the country's Central Bureau of Investigation having been hacked.
The Microsoft Store India website, www.microsoftstore.co.in, showed an error message: "The Microsoft Store India is currently unavailable. Microsoft is working to restore access as quickly as possible. We apologize for any inconvenience this may have caused."
According to cyber security expert Ankit Fadia this kind of security incidents are unavoidable. "We should learn to accept this reality. Two days ago, even the CIA website became inaccessible for hours."
Fadia also has a word of advice for the netizens. "Try to use multiple passwords." One should not use single password for e-mail, net banking, e-commerce and others.