Skype accounts are getting hacked, and it’s a problem

Hundreds of Skype accounts have been hacked and it didn’t just happen overnight. Thanks to a tip sent by one of our readers, we’ve found that users have been reporting messages from hacked accounts since August. Users say that they have received multiple Baidu links from their friends’ accounts, even if they didn’t send it themselves. This includes those that have Microsoft’s two-factor authentication security measure in place.

So what is the hack exactly? For those users that linked their Skype accounts to Microsoft accounts, the former Skype password is still activated. This leaves a security hole that can be used to break into your account and use it as you would. But it isn’t a breach in Skype security according to a statement to The Verge.

“Some Skype customers have reported their accounts being used to send spam,” says a Microsoft spokesperson in a statement to The Verge. “There is no breach of Skype security, instead we believe criminals are using username and password combinations obtained illegally to see if they exist on Skype. We continue to take steps to harden the login process and recommend customers update their Skype account to a Microsoft account to benefit from added protections such as two-factor authentication.”

The Verge also  reached out to an anonymous Microsoft employee whom also got their Skype account compromised. The solution, they pointed out, was to shirk the former Skype account password and opt for a Skype alias. Haven’t heard of the setting? No, neither had most people. The feature is hidden and not publicized even towards the users that have been repeatedly reporting the hacking.

Here’s how to secure your Skype account:

  • Go to https://account.microsoft.com, if you’re already signed in, sign out.
  • Enter your Skype name, not your Microsoft Account email address, and use your Skype password to sign-in
  • If you’ve linked your Microsoft Account previously, you’ll be prompted to sign-in and merge the accounts to create a Skype alias

Once the two accounts are properly merged, Microsoft creates a Skype alias to let you keep signing in with a Skype username. You can continue using this or disable it under the aliases preferences, to ensure nobody can try to sign in with your Skype username. Either way, you won’t be able to use your old Skype password anymore, and attackers will have to know the email address associated with your account.

Hopefully, Microsoft’s attempts to integrate Skype with their accounts won’t cause troubles as we look forward to the new Microsoft Teams application with built-in Skype chat, video, and voice. Let us know if this solution worked for you.

Share This
Further reading: , , ,

Have you experienced the Skype account breach?