Spammers Can Easily Hijack Your Skype Account, Says A Security Researcher Who Lost His Account Six Times

Skype

See Also

Inside one of the most exclusive streets in San Francisco that a couple bought for $90,000 and was forced to return to the city

A cybersecurity expert showed us how hackers can tap into an office phone and listen to everything you’re saying

Uber’s data breach was relatively small when compared to the Yahoo hack

It is painfully easy for hackers to hijack your Skype account and then use it to spam your Skype contacts, says a guy who had his Skype account stolen six times in one day.

Over the weekend, “Dylan,” aka @TibitXimer on Twitter, a self-proclaimed security researcher/hacker, contacted Skype when he discovered his account had been hijacked. Skype asked him a few basic questions and then reset the account.

The problem is that those same easy-to-answer questions are what allowed spammers to hijack his account in the first place.

When someone contacts Skype to say they want a new email address and password, Skype asks people to tell them things like naming three to five Skype contacts, giving them an email account used with Skype, or giving a first and/or last name, Dylan explained.

He says it’s easy for a hacker to learn those things, call Skype and gain control of the account.

After the sixth time he had his account stolen on Saturday, Dylan posted a message to the Skype help forum and started Tweeting about it: 

@skypesupport my skype was given away to over 6 people in one day due to them just knowing my email, name, and 5 contacts on my account

Other people tweeted about getting their Skype accounts hijacked, too.

@tibitximer @skype My account was hijacked and they changed/added email. Can’t reset password bc the token expires. Support’s terrible.

Skype fixed the problem with Dylan’s account, it says, but it’s unclear if they will change their support policies to make it harder to get a Skype account reset.

We’ve heard back from Skype PR who denies that its easy for hackers to grab Skype accounts this easily.  “We have been making ongoing enhancements to help protect customers. We have processes in place that would help protect against password reset scenarios such as this,” Skype said in an emailed statement.

Skype also suggests that people use an account that supports two-step verification and use that to log into Skype, such as a Microsoft account. It verifies changes to the account by sending an email to another account or a text to a phone number.

SEE ALSO: The 10 Most Important Companies In Cloud Computing

Leave a Reply

Your email address will not be published. Required fields are marked *