It is painfully easy for hackers to hijack your Skype account and then use it to spam your Skype contacts, says a guy who had his Skype account stolen six times in one day.
Over the weekend, “Dylan,” aka @TibitXimer on Twitter, a self-proclaimed security researcher/hacker, contacted Skype when he discovered his account had been hijacked. Skype asked him a few basic questions and then reset the account.
The problem is that those same easy-to-answer questions are what allowed spammers to hijack his account in the first place.
When someone contacts Skype to say they want a new email address and password, Skype asks them for things like the names of three to five Skype contacts, an email account used with Skype, or a first and/or last name, Dylan explained.
He says it’s easy for a hacker to learn those things, call Skype and gain control of the account.
After the sixth time he had his account stolen on Saturday, Dylan posted a message to the Skype help forum and started Tweeting about it:
@skypesupport my skype was given away to over 6 people in one day due to them just knowing my email, name, and 5 contacts on my account
— Tibit (@TibitXimer) April 25, 2013
Other people tweeted about getting their Skype accounts hijacked, too.
— Jana Veliskova (@jveliskova) April 29, 2013
Skype says it fixed the problem with Dylan’s account, but it’s unclear whether it will change its support policies to make it harder to get a Skype account reset.
We’ve reached out to Skype PR and Microsoft PR for comment.