There has been quite a peak of spam on Skype this week, involving compromised credentials. I received several spam messages from contacts of mine, all of whom were knowledgeable about IT security, and avid users of password managers and two-factor authentication. The spam messages were simple links via Baidu or LinkedIn open redirect endpoints. The links had been tagged with my owner username, likely to give them info on whose accounts to target next.

After a little bit of digging, I found vulnerabilities in my own Skype account setup. I expect many people to be in a similar position, based on Microsoft + Skype's approach to account migrations over the years. These vulnerabilities are simple to close. Leaving them open leaves you at high risk of being the source of embarrassing spam messages to your contacts, and potentially being locked out of your Skype account for good. (Skype accounts aren't always linked to email addresses, making the password recovery process notoriously difficult.)

Issue

Long-time users of Skype will have set up their Skype account under a username. The sign-up flow never used to prompt for an email address or phone number. (It does now.)

After Microsoft acquired Skype, they added support for 'linking' a Microsoft account to your Skype account. Anybody who has used the Windows 8 or Windows 10 apps for Skype will have been encouraged down this path. This allowed me to log in to my Skype account via my Microsoft Account (

Linking a Microsoft account never prevented the Skype-based sign-in. Skype accounts have never supported two-factor authentication. Skype accounts are actively being compromised via simple username + password authentication, with no second-factor validation in play. Skype are stating that this is most likely due to credential re-use; however, I know of one IT security professional whose account was compromised despite using a unique password that was always stored in a password manager.