Expert Says Skype Accounts Can Be Easily Hacked via Skype Support


April 29th, 2013, 11:27 GMT · By Eduard Kovacs

If anybody knows me I have always been a strong proponent of not allowing nor permitting employees to Skype on business machines.. Skype is a toy/game leave it on the home PC

Expert Says Skype Accounts Can Be Easily Hacked via Skype Support

A security researcher that uses the online moniker TibitXimer claims that Skype accounts can be easily hacked by social engineering the company’s support team. He came to this conclusion after his own account had been hijacked six times in a single day.

TibitXimer says that accounts can be taken over by anyone who knows 3-5 of the victim’s Skype contacts, their first and last name, and an email address that was used for the instant messaging application at any point.

With this information, anyone can allegedly trick Skype support into handing over access to an account.

“Due to my account being stolen (not hacked) through Skype my account was used to scam people out hundreds of dollars along with damaging my reputation for my product’s security due to thinking I had low security on my Skype account or email address, when in reality, it was Skype Support’s fault my account was stolen, multiple times, and had nothing to do with End-users (me in this case),” the expert said.

He immediately contacted Skype to report the issue, but the company’s reply wasn’t what he had expected.

Around three hours ago, one Skype representative responded on the thread posted by TibitXimer on the community forum. He says they’re investigating the matter, but denies that Skype accounts can be hijacked as easily as the expert described it.

“Skype CS is looking into your case. Our unlock policy does in fact require more than just the information you have quoted and we are checking where the failure happened during the required steps of verification,” the Skype representative wrote.

“I understand your frustration and we are constantly revising our process to ensure your account access is blocked to malicious users while at the same time valid password recoveries still make it through.”

Tags: , , ,

Comments are closed.

%d bloggers like this: