The last time anything from Microsoft was reported as being hacked goes back to November 2010 when a developer reportedly "hacked" the Kinect for Xbox 360 and just recently the Microsoft Store for India, operated for Microsoft by Quasar Media, was temporarily taken offline in response to attacks from the group Evil Shadow. This adds the Microsoft Store to a long list of other companies that have been hacked over the past 2 years such as Sony's PlayStation Network (now the Sony Entertainment Network), Sega Pass Online, Electronic Arts and Activision's Call of Duty Elite service.
On Monday the 13th, Microsoft decided to take their India store offline after realizing that it's customer database might have been compromised. In a blog post, someone calling themselves 7zl and the organization Evil Shadow, took credit for the attack. They also released usernames and passwords to accounts that Microsoft had kept stored in plain text. In most cases, retailers only secure the minimum amount of information required by the Payment Card Industry Data Security Standard which only really entails encrypting payment processing information. As bad as this is for customers, it's still a step up from Twitter employees storing usernames and passwords in plain text in their gmail accounts. Microsoft released a generic statement saying that they are dealing with the situation.
The store customers have already been sent guidance on the issue and suggested immediate actions. We are diligently working to remedy the issue and keep our customers protected.