New Wave of Attacks Exploit Skype Support Team to Hijack Users’ Accounts

A Skype user by the handle Ximer had his account stolen six times in a single day by a group of cyber-crooks. According to a post by the victim on the Skype Community forum, the attackers repeatedly conned the Skype support team into handing them control over Ximer’s account.

To restore access to a lost account, the Skype support team asks the user to provide three to five contacts on Skype, one e-mail address associated with Skype and the user’s first and last name. This allows anyone with minimal knowledge of the victim to abuse the feature and ask support for control of the account.

“Due to my account being stolen (not hacked) through Skype support (because Skype support didn’t verify if the person owned the account or not, just wanted those 3 points mentioned above) my account was used to scam people out of hundreds of dollars along with damaging my reputation for my product’s security due to thinking I had low security on my Skype account or email address, when in reality, it was Skype Support’s fault my account was stolen, multiple times, and had nothing to do with End-users (me in this case),” Ximer wrote.

It appears Ximer’s account was snatched by a spammer whose use of the account, in turn, made him look bad to the customers he was in touch with on Skype.

Skype is not the only company to have implemented a possibly defective account recovery mechanism. A couple of weeks ago, Apple was in a similar position because of improper validation of password reset checks.

About The Author

Senior E-Threat Analyst

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

© 2012 Powered By Bitdefender