Jump to content

Skype Accounts getting Hacked

xGGAx

I woke up this morning to find a security alert  in my phone. The message was from Microsoft so I was worried to say the least. Long story short, my skype account was hacked and used to send spam( or phishing) urls to my contacts.

 

 

hackeo11.png

 

hackeo2l.png

 

I did some googling and I found this:

http://www.theverge.com/2016/11/8/13561024/microsoft-skype-baidu-linkedin-hack

 

Quote

If you've received a weird message on Skype with a link to Baidu or LinkedIn recently, you're not alone. In the past couple of weeks, I've received spam links to Baidu from six of my Skype contacts, one of whom works for Microsoft's PR agency and another is a former Microsoft employee. All were surprised to see their accounts breached, and some believed they were protected by Microsoft's two-factor authentication. That wasn't the case, though.

 

A thread on Microsoft's Skype support forums reveals this has been occurring to hundreds of Skype users since at least August. Breached Skype accounts are used to send thousands of spam messages before they're locked and the owners have to regain access. Skype has fallen victim to similar attacks before, and hackers were able to spoof messages on the system last year after using lists of stolen usernames and passwords to gain access to accounts.

 

"Some Skype customers have reported their accounts being used to send spam," says a Microsoft spokesperson in a statement to The Verge. "There is no breach of Skype security, instead we believe criminals are using username and password combinations obtained illegally to see if they exist on Skype. We continue to take steps to harden the login process and recommend customers update their Skype account to a Microsoft account to benefit from added protections such as two-factor authentication."

 

Keep an eye in your Skype account, enable 2 way authentication and disable your skype alias for sign in:ph34r:

 

 

 

 

Core i7 7700k Kabylake stock + Kraken x52 | ASUS Z170-A | 8GB DDR4 2133MHz HyperX | ASUS GeForce GTX 1060 STRIX 6GB | 250GB SSD Samsung 850 EVO + 2TB HDD WD RE4 | Seasonic X-Series 650w | Corsair 460x RGB  | Win 10 Pro 64 bit | Corsair M65 PRO RGB Mouse | Corsair K70 RGB RapidFire

 

Link to comment
Share on other sites

Link to post
Share on other sites

You're not the only one mate :P 

Me as well...

UAfc1OJ.jpg

Looking at my signature are we now? Well too bad there's nothing here...

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

What? As I said, there seriously is nothing here :) 

Link to comment
Share on other sites

Link to post
Share on other sites

Damn this is big, just look at the Skype forums
https://community.skype.com/t5/Security-Privacy-Trust-and/bd-p/Security_and_Privacy

 

Apparently they are using passwords from old hacks such as Linkedin and myspace to see if they match Skype usernames. 
 

@Mr.Meerkat

Check if your name/email appears on https://haveibeenpwned.com/

I found my email in the myspace hack from a few years ago.

Core i7 7700k Kabylake stock + Kraken x52 | ASUS Z170-A | 8GB DDR4 2133MHz HyperX | ASUS GeForce GTX 1060 STRIX 6GB | 250GB SSD Samsung 850 EVO + 2TB HDD WD RE4 | Seasonic X-Series 650w | Corsair 460x RGB  | Win 10 Pro 64 bit | Corsair M65 PRO RGB Mouse | Corsair K70 RGB RapidFire

 

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, xGGAx said:

Damn this is big, just look at the Skype forums
https://community.skype.com/t5/Security-Privacy-Trust-and/bd-p/Security_and_Privacy

 

Apparently they are using passwords from old hacks such as Linkedin and myspace to see if they match Skype usernames. 
 

@Mr.Meerkat

Check if your name/email appears on https://haveibeenpwned.com/

I found my email in the myspace hack from a few years ago.

Not my normal usernames but my email is from Warframe's 2014 hack :/ (but my skype was hacked with my skype's username so...)

Looking at my signature are we now? Well too bad there's nothing here...

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

What? As I said, there seriously is nothing here :) 

Link to comment
Share on other sites

Link to post
Share on other sites

2 minutes ago, Mr.Meerkat said:

Not my normal usernames but my email is from Warframe's 2014 hack :/ (but my skype was hacked with my skype's username so...)

well, they can easily generate usernames or use common combinations.
Another thing is that skype  apparently disabled the login attempt limit during the MS merge. So hackers can try unlimited number of passwords for any given username. A bot or script can do this in minutes of even less.

Core i7 7700k Kabylake stock + Kraken x52 | ASUS Z170-A | 8GB DDR4 2133MHz HyperX | ASUS GeForce GTX 1060 STRIX 6GB | 250GB SSD Samsung 850 EVO + 2TB HDD WD RE4 | Seasonic X-Series 650w | Corsair 460x RGB  | Win 10 Pro 64 bit | Corsair M65 PRO RGB Mouse | Corsair K70 RGB RapidFire

 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×