Macrosoft exposes private data of license buyers


Cybersecurity neglect has resulted in a massive data leak affecting nearly 100,000 users in Italy who purchased software licenses.

Buying digital products from third-party vendors not affiliated with the original source always carries risks, with each step in the supply chain adding additional attack surfaces. On March 13th, the Cybernews research team discovered an open web directory belonging to Romania-based license key reseller Macrosoft Store S.R.L.

directory macrosoft
Open web directory belonging to Macrosoft

With a client base mainly in Italy, the store resells license keys for digital software, including Windows, Windows Server, Microsoft Office, Adobe Creative Suite, AutoCAD, and various antivirus software.

The discovered directory contained a recent database backup of the store’s website, allowing anyone to download the backups and access the private user data stored within. The data leaked could be used for spam, doxxing, phishing attacks, malware attacks, business intelligence, and identity theft.

The leaked data included:

  • Names
  • Email addresses
  • Phone numbers
  • Home addresses
  • Dates of birth
  • Partial payment information
  • User device and network information
  • Live chat messages
  • Hashed passwords
Customer account information
Customer account information

Some user passwords were stored using the secure Bcrypt hashing algorithm, while others were hashed using an old, insecure hashing algorithm MD5, making them vulnerable to cracking.

The leaked data revealed that the license key store works under multiple brands – macrosoft.store, macrosoft.me, ciaokey.it, as well as previously used and no longer active domains – megakey.eu, microesd.fr, microesd.pl, microesd.ro, microesd.co.uk.

The data in the database backup also suggests that the Macrosoft store has ties to multiple other companies, the majority of which are registered under the same address in Romania.

Domains under which the shop operates/used to operate
Domains under which the shop operates/used to operate
Live chat messages
Live chat messages
User device and network information
User device and network information
Email metadata
Email metadata
Partial payment information
Partial payment information

Gray market of license resellers

The industry of third-party license key resellers, especially the selling of game keys, has been heavily scrutinized and often referred to as the gray market.

The sellers are frequently accused and sometimes proven, of acquiring licenses through illegitimate or unethical methods. One such is selling secondhand keys purchased with stolen credit cards.

G2A, a digital marketplace for gaming products, has been previously accused of “facilitating a fraud-fueled economy." However, the marketplace defended itself as its business model is facilitating a platform for third-party vendors.


More from Cybernews:

The $100 cybersecurity budget – how cyber pros would spend it

Ukrainian hackers left Moscow’s sewage system without 87,000 sensors

Cybergang attack Germany using AI-generated code

Apple warns of 'mercenary spyware attack'

LockBit bungles attempt to rebrand as DarkVault

Subscribe to our newsletter



Leave a Reply

Your email address will not be published. Required fields are markedmarked