Skype Account Hjiack Vulnerability Via Skype Support Discovered
Skype is having security troubles again. According to great big red flag raised by a user on the Skype community forums, Skype accounts are extremely vulnerable--through Skype’s own support system. The user, Ximer, said on the forum that anyone can steal your Skype account with very little to go on; specifically, all one needs is 3-5 of your contacts on Skype; an email you’ve used on Skype at some point; and your first and last name.
He notes that his account wasn’t “hacked” per se; it was simply stolen, using basic information to dupe Skype support into verifying the account’s ownership. And it happened to him multiple times in one day. And the thief (or thieves) used his account to scam people out of hundreds of dollars.
(click to enlarge)
A Skype forum admin finally responded, saying in part:
Whatever the admin says, if Ximer is correct about the lack of security, that means essentially all Skype users are vulnerable. He further complained in his post that Skype lacks the following security measures:
Ouch. Microsoft did tell Network World that one measure that can help mitigate the security risk is to log in to Skype via your Microsoft account, which features two-step verification. Somehow that’s not making us feel a whole lot safer.
He notes that his account wasn’t “hacked” per se; it was simply stolen, using basic information to dupe Skype support into verifying the account’s ownership. And it happened to him multiple times in one day. And the thief (or thieves) used his account to scam people out of hundreds of dollars.
;)
(click to enlarge)
A Skype forum admin finally responded, saying in part:
Skype CS is looking into your case. Our unlock policy does in fact require more that just the information you have quoted and we are checking where the failure happened during the required steps of verification.
I understand your frustration and we are constantly revising our process to ensure your account access is blocked to malicious users while at the same time valid password recoveries still make it through.
Whatever the admin says, if Ximer is correct about the lack of security, that means essentially all Skype users are vulnerable. He further complained in his post that Skype lacks the following security measures:
- Security Questions
- 2-factor Authentication
- Good Support that looks into these issues
- Support that can understand plain English and follow through with the request correctly instead of mistaking the my clear request for something different.
- 24/7 support
- A real security policy to actually verify ownership of accounts
Ouch. Microsoft did tell Network World that one measure that can help mitigate the security risk is to log in to Skype via your Microsoft account, which features two-step verification. Somehow that’s not making us feel a whole lot safer.
