Skype Account Hijack Vulnerability Via Skype Support Discovered
He notes that his account wasn’t “hacked” per se; it was simply stolen, using basic information to dupe Skype support into verifying the account’s ownership. And it happened to him multiple times in one day. And the thief (or thieves) used his account to scam people out of hundreds of dollars.
A Skype forum admin finally responded, saying in part:
Skype CS is looking into your case. Our unlock policy does in fact require more than just the information you have quoted and we are checking where the failure happened during the required steps of verification.
I understand your frustration and we are constantly revising our process to ensure your account access is blocked to malicious users while at the same time valid password recoveries still make it through.
Whatever the admin says, if Ximer is correct about the lack of security, that means essentially all Skype users are vulnerable. He further complained in his post that Skype lacks the following security measures:
- Security Questions
- 2-factor Authentication
- Good Support that looks into these issues
- Support that can understand plain English and follow through with the request correctly instead of mistaking my clear request for something different.
- 24/7 support
- A real security policy to actually verify ownership of accounts
Ouch. Microsoft did tell Network World that one measure that can help mitigate the security risk is to log in to Skype via your Microsoft account, which features two-step verification. Somehow that’s not making us feel a whole lot safer.