Chinese hackers defaced the home page of the Microsoft Store in India and gained access to user names and passwords associated with the site on February 12. The store site, operated for Microsoft by Quasar Media, is currently offline.

The hackers, who call themselves "Evil Shadow Team," posted a link to their weblog on the store site's homepage as part of the defacement, along with screen shots of their defacement. The blog also included screen shots of what appears to be Windows management console access to the site itself, including internal files of the site displayed in a Microsoft Internet Information Services Manager console, as well as a view of the user profile database. The passwords for accounts were apparently stored in plain text in the database.

On their blog, the hackers said they were a low-profile group and claimed not to be masters of their craft. They also wrote that they were making the data from the site available to "any security enthusiasts" and that the homepage of the store was defaced because modifying the home page was "a powerful way to make Microsoft aware" of how poor security of the site was.

According to a report by IDG's John Ribero, Microsoft has begun an investigation of what it calls a "limited compromise" of the site. In a statement, Microsoft said that "store customers have already been sent guidance on the issue and suggested immediate actions."