If you ever used your credit card to shop at the Microsoft Online Store in India, it may be a good idea to stop everything you’re doing and call your bank to get your credit card blocked. That’s because your credit card number, your address and everything else that a fraud needs to use your credit card online, could later become available in the underground market.

The story so far..

Earlier this month, the Microsoft India Store website was hacked and Microsoft, the following day, sent out an email saying that email addresses, passwords and shipping address of users may have been stolen. The email also said that payment information was not exposed to hackers.

We have confirmed that databases storing credit card details and payment information were not affected during this compromise. However, exposed account details may include non-financial related information including e-mail address, password, order details and shipping address.

The Microsoft Store was hacked more than two weeks ago but the website is still down indicating that the impact was much larger than they initially imagined.

Latest update..

And it is. Microsoft sent another email this morning confirming that hackers may have stolen credit card details of customers as well.

Further detailed investigation and review of data provided by the website operator revealed that financial information may have been exposed for some Microsoft Store India customers.

Microsoft had outsourced their online store to an advertising and digital marketing agency called Quasar Media and this company was probably storing customers confidential data in plain text inside a Microsoft Access database that hackers got hold of.

This is extremely disappointing.