I even tested this on my own personal accounts, and I was able to log into my Skype account with an old password despite linking it to my Microsoft Account months ago. The Microsoft employee had used two-factor authentication, but hackers were able to log in using an old Skype username and password combination. I spoke to a Microsoft employee, on condition of anonymity, who had a Skype account breached recently. Your Skype account might not be as secure as you think If that password isn't secure or you used it elsewhere then hackers can use it to gain access to Skype, bypassing any two-factor authentication provided by Microsoft. If you already enabled this months ago, it turns out that Microsoft has kept your original Skype account password separate so that it can still be used to access the service with a Skype username. Microsoft offers the ability to link a Skype and Microsoft Account together to make sign-in and security easier. This year's attack appears to be growing in size, and Skype users might think they're protected by Microsoft's two-factor security, when in reality they're probably not.
We continue to take steps to harden the login process and recommend customers update their Skype account to a Microsoft account to benefit from added protections such as two-factor authentication." "There is no breach of Skype security, instead we believe criminals are using username and password combinations obtained illegally to see if they exist on Skype. "Some Skype customers have reported their accounts being used to send spam," says a Microsoft spokesperson in a statement to The Verge. Microsoft says there is no breach of Skype security Skype has fallen victim to similar attacks before, and hackers were able to spoof messages on the system last year after using lists of stolen usernames and passwords to gain access to accounts. Breached Skype accounts are used to send thousands of spam messages before they're locked and the owners have to regain access. That wasn't the case, though.Ī thread on Microsoft's Skype support forums reveals this has been occurring to hundreds of Skype users since at least August. All were surprised to see their accounts breached, and some believed they were protected by Microsoft's two-factor authentication. In the past couple of weeks, I've received spam links to Baidu from six of my Skype contacts, one of whom works for Microsoft's PR agency and another is a former Microsoft employee. If you've received a weird message on Skype with a link to Baidu or LinkedIn recently, you're not alone.