Microsoft Store India Hacked, Passwords Leaked

The Indian Microsoft store Web site has been hacked. The Web site is currently inaccessible, but it previously feature a message from a hacker group called EvilShadowTeam.

From the language used in the hack and those claiming responsibility, the attack seems to have come from a Chinese group according to WP Sauce. The actual damage was not immediately present until the hackers released all of the Web sites users’ account details – including passwords – onto the Internet for other hackers to have their way with. The unfortunate thing is that the passwords were stored in plain text making it ridiculously easy for the hackers to obtain them.

While the site is in Chinese, HackTeach has images that illustrate the extent of the damage and just how unprepared the India Microsoft Store was for an attack like this.

Microsoft has not yet commented on the hack, but I’m sure they will once they’re able to fully grasp how far this attack went.

The only thing we can say is that if you have an account on the Indian Microsoft store, change your password now.



Microsoft Updates Ad Policies on Relevance & Quality


Microsoft adCenter, the driving force behind Bing and Yahoo ads, has updated their terms of service for relevance and quality. The update clarifies policies on deceptive ads and hinders direct response advertising.

The Updated Policies

One of the biggest changes is “an expanded definition of relevancy, and a higher standard of relevancy required for extremely popular or ‘trending now’ keywords,” according to Microsoft representative Simone Schuurer. Among other things, this translates to “ads that aren’t aligned with the new policy becoming less prominent or, in some cases, being excluded.”

Additionally, Microsoft has made some changes in terms and definitions that are clear attempts to defuse direct response advertising (ads for third parties that use targeted landing pages or automatic redirection; the advertiser gets a commission for generating leads or sales). Here are some of the new terms that specifically hinder or exclude direct advertising:

Landing page and site content should not: Function primarily to support the display of advertising or attract traffic [or] have as its sole purpose to redirect to other businesses, without adding significant value as an intermediary, for example, by providing enhanced pricing, product or merchant information.


Sites driving users directly to a sign up or login page must enable the user to link back to the main homepage or supporting content describing services and terms of use.


Added as a scenario that may be considered a low-value user experience: Sites that “Bait and switch” the user, for example, redirect site visitors unexpectedly to unrelated domains.


The following may be excluded: Sites that misrepresent the origin or intent of their content and as a result are likely to deceive a portion of the target audience.

Other changes primarily focused on clarifying the language so it was obvious that phishing attempts, the collection of personal identification information, intentionally confusing users to get a sale or lead, and preventing users from leaving the site. However, the main changes seem aimed at making low-value targeted landing pages for a third party or instant redirection to a third party difficult, if not impossible.

The changes are being implemented officially this week in the U.S. and Canada. As of yet, no flag or notification is being given to advertisers; it’s wise for anyone who treads at all close to the above-mentioned territories to keep an eye on their ad performance.

Please visit: SEO Blog