Security Expert Reveals Cases of Skype Accounts Potentially Hacked through Skype Support
A computer security expert that goes by the online handle TibitXimer has made a claim that Skype accounts may be easily hacked through social engineering the Skype support team.
A number of Skype users have complained about their accounts being hijacked through a devious method where someone knows 3 to 5 of the victim's Skype contacts, first and last name, and an email address used for instant messaging. The perpetrator is then able to trick Skype support into giving over access to a specific account.
It may sound like a complex ordeal, but somehow hackers have discovered a way to collect a number of contacts (friends) and other limited information of certain Skype users to take over their account.
TibitXimer said in the situation, "Due to my account being stolen (not hacked) through Skype my account was used to scam people out hundreds of dollars along with damaging my reputation for my product's security due to thinking I had low security on my Skype account or email address, when in reality, it was Skype Support's fault my account was stolen, multiple times, and had nothing to do with end-users (me in this case)."
After contacting Skype in regards to this matter, the researcher was shocked that their response was so vague in not taking much responsibility for what should have been viewed as a potentially serious security issue.
One of the replies made by Skype said "I understand your frustration and we are constantly revising our process to ensure your account access is blocked to malicious users while at the same time valid password recoveries still make it through."
Obviously, that is not enough to conclude that Skype is a relatively safe environment. However, Skype later came back with an additional statement: "We take the security of our customers extremely seriously, and have been making ongoing enhancement to help protect customers. We have processes in place that would help protect against password reset scenarios such as this, and our customer support agents remain available to help customers as needed."
In the past, we reported on many occurrences of potential security issues within Skype that later led to a multitude of compromised accounts. Basically, hackers could theoretically scam users out of money when armed with compromised accounts. The latest finding by TibitXimer is more than likely one of many probable security holes that have yet to be discovered within communication platforms like Skype.
For the time being, we are suggesting that Skype users use a Microsoft account to log into Skype, which will use a two-step verification process for a more secure account.