Monday, April 29, 2013

Your Skype Account Can Be Easily Hijacked, Says A Guy Who Was Hacked Six Times In One Day (MSFT)

Source: http://www.businessinsider.com/spammers-can-easily-hijack-your-skype-account-says-a-security-researcher-who-lost-his-account-six-times-2013-4

It is painfully easy for hackers to hijack your Skype account and then use it to spam your Skype contacts, says a guy who had his Skype account stolen six times in one day.

Over the weekend, "Dylan," aka @TibitXimer on Twitter, a self-proclaimed security researcher/hacker, contacted Skype when he discovered his account had been hijacked. Skype asked him a few basic questions and then reset the account.

The problem is that those same easy-to-answer questions are what allowed spammers to hijack his account in the first place.

When someone contacts Skype to say they want a new email address and password, Skype asks them for things like the names of three to five Skype contacts, an email account used with Skype, or a first and/or last name, Dylan explained.

He says it's easy for a hacker to learn those things, call Skype and gain control of the account.

After the sixth time he had his account stolen on Saturday, Dylan posted a message to the Skype help forum and started Tweeting about it: 

@skypesupport my skype was given away to over 6 people in one day due to them just knowing my email, name, and 5 contacts on my account

— Tibit (@TibitXimer) April 25, 2013

Other people tweeted about getting their Skype accounts hijacked, too.

@tibitximer @skype My account was hijacked and they changed/added email. Can't reset password bc the token expires. Support's terrible.

— Jana Veliskova (@jveliskova) April 29, 2013

Skype fixed the problem with Dylan's account, it says, but it's unclear if they will change their support policies to make it harder to get a Skype account reset.

We've reached out to Skype PR and Microsoft PR for comment.
