Serious Account Hacking Risk Exposed in Skype
Skype hacked
Microsoft disables password change in Skype after dead-easy method for hacking accounts is exposed.
Everybody was hit by the discovery how simple it was to hack into someone’s Skype account and kick them out. Allegedly, the security risk was first exposed on a Russian site, which claimed that they had actually sent Skype a letter about the back door they had found, but received no answer for months.
Here’s how it was supposed to work, allegedly of course:
- You had to know the victim’s email they used for Skype registration. Creating a new Skype account with this email address was the next step. Then you would get a warning that the email address is already in use, you needed to neglect that and continue with the process.
- Log on to Skype with the new account. Delete all cookies. You have full access.
- Send a request for a new password for the victim’s email address.
- You were supposed to receive a token to change the password. The last step was to change it and there you were, you could’ve logged in with the new password.
Skype’s new owner, Microsoft, acted in a few hours. Their smartest strategy was actually stopping to provide the password changing function, so the above method is not applicable anymore. But the question remains: how was it possible that the world’s most popular voice chat service had such a great security hole for such a ling time? Are there any more serious risk associated with the program?
Possible damages from Skype security hole
Hackers can reach the entire archive of your message conversations. Most online casinos use Skype for keeping contact with customers. Sensitive information such as account balances and casino promotion codes can be retrieved from the message history.
The hackers can also steal your identity and call or message anybody. If you have credit, they can also call land phones and mobile devices with you paying for it.
You can also take steps for protecting your Skype account. Just register a mail account that no-one knows about, and set it as the email address. We advise you to do the same with online and mobile casino services.