Waves of spam have been plaguing Skype users everywhere since August. Dubious messages are sent from users' own Skype accounts, which were taken over through password theft. How can something like this happen, and how can I protect myself from this security issue?

As t3n reported, Skype is currently being hit by a wave of spam.

Since August, Skype users have been complaining about messages that consist solely of redirect links hosted on the Chinese online giant Baidu.

For example, they lead to dubious online offers of alleged miracle pills that are supposed to increase brain capacity. The websites use logos of well-known media brands such as Forbes or CNN.

Source: t3n – link redirection to dubious online offer

According to Microsoft, this is not a direct hack of Skype, but rather criminals trying out masses of email address and password combinations. Millions of records fell into these criminals' hands through hacks of other services (LinkedIn, Yahoo, Dropbox, Tumblr...) in the past few months.

Problems with passwords that are used multiple times

The criminals took over the accounts of users who use the same combination of email address and password on Skype, and sent spam messages from these accounts. This means that account holders who use the same password for several services make it particularly easy for criminals.

Microsoft is also not entirely innocent

But it's not just the users themselves who make it easy for criminals:

Microsoft allows users to combine their Skype and Microsoft accounts. What they don't know, however, is that the Skype password will continue to work in combination with the Skype username. If that password was too insecure, or is one that is also used for other services, it is a possible entry point that many users are unaware of.

What's particularly bitter about this is that Microsoft's two-factor authentication can apparently be circumvented. A Microsoft employee tried it out himself by activating two-factor authentication and was still able to take over the account with the combination of Skype username and password:

“I tried this with my own account and was able to log into my Skype account with an old password, even though I had linked it to my Microsoft account months ago. I thought I was protected by Microsoft's two-factor authentication - but I wasn't.”

How do I solve my Skype security problem?

After Microsoft became aware of the problem, the company released a fix.

Unfortunately, it is still unclear whether this will also apply to users who have already combined their Skype and Microsoft accounts.

If you want to make sure that your old Skype password no longer works, you can go to https://account.microsoft.com and enter the Skype name there - not the email address associated with the Microsoft account.

If this is still possible, the accounts should be linked. After that, the old Skype password no longer works, only the Microsoft account password.

The login settings can then be used to determine whether the Skype name can continue to be used as a login name alongside the email address. In any case, the old Skype password should no longer work.
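For anyone running a login service, both problems described above (one source trying many leaked email and password pairs, and an old username login that succeeds without the second factor) can be spotted in login records. The following is an added example, not code from Microsoft, Skype or t3n; the event fields, thresholds and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample login events (not real data). Field names are assumptions:
# source IP, login identifier, identifier type, outcome, whether the account
# has 2FA enabled, and whether a second factor was actually checked.
EVENTS = [
    # One source cycling through many accounts, almost all attempts failing.
    *[{"ip": "203.0.113.7", "login": f"user{i}@example.com", "id_type": "email",
       "ok": False, "has_2fa": False, "second_factor": False} for i in range(8)],
    # The same source succeeds with an old username on a 2FA-protected account.
    {"ip": "203.0.113.7", "login": "alice_skype", "id_type": "legacy_username",
     "ok": True, "has_2fa": True, "second_factor": False},
    # Ordinary user: one mistyped password, then success with second factor.
    {"ip": "198.51.100.20", "login": "bob@example.com", "id_type": "email",
     "ok": False, "has_2fa": True, "second_factor": False},
    {"ip": "198.51.100.20", "login": "bob@example.com", "id_type": "email",
     "ok": True, "has_2fa": True, "second_factor": True},
]

def stuffing_sources(events, min_accounts=5, max_success_ratio=0.2):
    """Return IPs that tried many distinct accounts and mostly failed."""
    accounts = defaultdict(set)
    attempts = defaultdict(int)
    successes = defaultdict(int)
    for e in events:
        accounts[e["ip"]].add(e["login"])
        attempts[e["ip"]] += 1
        successes[e["ip"]] += e["ok"]
    return sorted(ip for ip in attempts
                  if len(accounts[ip]) >= min_accounts
                  and successes[ip] / attempts[ip] <= max_success_ratio)

def second_factor_skipped(events):
    """Return successful logins on 2FA accounts where no second factor was checked."""
    return [(e["login"], e["id_type"]) for e in events
            if e["ok"] and e["has_2fa"] and not e["second_factor"]]

if __name__ == "__main__":
    print("possible credential stuffing from:", stuffing_sources(EVENTS))
    print("logins that skipped 2FA:", second_factor_skipped(EVENTS))
```
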

Source: t3n
