I'm doing this as a warning to the Skype Community. Did you know that anyone can steal YOUR Skype account with just the following?
- 3-5 of your contacts on skype
- 1 email you've used on skype at any point
- your first and/or last name
That's it. It's extremely simple. My skype was stolen 6 times in one day. Skype support never saw anything wrong with that. It was stolen around 3pm on the first day. I recovered it through skype support with just the information listed above within 30 minutes. In less than 2 hours after recovering my account, it was stolen by another person. The skype then was recovered by a friend of mine while I was at dinner. When I got back and changed the info to my own again, it was stolen later that evening. Another friend recovered it for me and tried to keep the scammer out of my account.
Due to my account being stolen (not hacked) through skype support (because Skype support didn't verify if the person owned the account or not, just wanted those 3 points mentioned above) my account was used to scam people out hundreds of dollars along with damaging my reputation for my product's security due to thinking I had low security on my skype account or email address, when in reality, it was Skype Support's fault my account was stolen, multiple times, and had nothing to do with End-users (me in this case).
Now, before they say, no this is not their policy or they have great support that focuses on security blah blah blah, it's just their bs. I've got plenty of proof and have recorded all my chats with skype support, which prove the support staff are not verifying account owners appropriately.
Picture 1: http://i.imgur.com/eWaDMTI.png (Some personal info removed)
- They did at least ask me if I had purchased premium in the past on that time, however, it wasn't even me, it was a picture from the chat my friend had with support while I was asleep, he just used my name, email, 5 people he knew I had added on skype since I had over 800 contacts, and a random month (he used march 2013, which I was not a skype premium customer at that time and haven't been since last November).
Picture 2: http://i.imgur.com/HSvS5of.png (Partial Names blacked out)
- This chat he was trying to alert support about it, they didn't really pay attention or understand what he was saying.
My chat with skype support recently on this issue:
Part 1: http://i.imgur.com/IkZj4a7.png
Part 2: http://i.imgur.com/n4nNvtd.png
Shortly after the conversation I got the email I was waiting for, it was supposed to be their managment / "a higher department" contacting me about the issues. However, instead I got this email:
Which clearly is not what I asked for them to do in the live chat with Skype support. I told the agent in the live chat that I already got my account back and was informing them of their mistakes hoping to prevent this issue in the future from other people getting their skype accounts stolen and to prevent mine from being stolen again. Not only that, but my account is not currently suspended nor was it when the support agent check it, I logged in a few minutes after that and was able to use it still and am able to at this very moment even though I've emailed two more requests to have it suspended.
This issue has cost me time, money, and hurt my business reputation as well as I did some support for customers through skype, the skype account was being used to scam people out of money by the person who had stolen my skype because Skype Support did NOT verify ownership of the account appropriately.
Why does skype NOT have ANY of the following?
- Security Questions
- 2-factor Authentification
- Good Support that looks into these issues
- Support that can understand plain English and follow through with the request correctly instead of mistaking the my clear request for something different.
- 24/7 support
- A real security policy to actually verify ownership of accounts
Due to this expirence I am trying to alert anyone and everyone I can that uses skype and trying to get Skype to actually change their policy to secure accounts. Even though there are many other issues with skype, let's just tackle one at a time. It's bad enough that anyone can get your real IP address by just knowing your skype username, now they can steal your account by just knowing a little bit of information about you.
Hopefully this will bring attention to the issue and prevent issues like this from harming others like it has done to me.
@TibitXimer - https://twitter.com/TibitXimer
27-04-2013 07:20 - last edited on 27-04-2013 18:21 by NormanM
I watched as this happened, and many other around the same time. There are guides being sold on how to exploit your support team and steal accounts. I no longer feel safe using skype, and I am really scared right now. I share a lot of very personal things on skype xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Shame on you,
As Eternal stated, there are guides going around on how to easily manipulate Skype Support, which is not hard to do at all, just knowing that basic information will allow anyone to take over your account. The security at skype seems to be non-existent. You can see anyone's IP address by just knowing their skype name, thus knowing where they are, and you can steal their skype account with ease, thus getting access to their recent private chats or skype group chats, along with being able to pretend to be that person which could cause a lot of issues and monetary loss.
27-04-2013 07:29 - last edited on 27-04-2013 18:24 by NormanM
Yes! This...I pay for a service that hides my ip address. Money I could use towards skype if they would secure their xxxxxxxxx Do you know how bad it sucks to get ddosed? Well, if you use your product check your name here: xxxxxxxxxxxxxxxxxxxxxxxxx
27-04-2013 07:30 - last edited on 27-04-2013 18:26 by NormanM
Censorship at it's finest...
Yes, there are many flaws with Skype's software. However, this thread is mainly dedicated towards their lack of security policy and support agents handing over accounts without verifying ownership of the account.
I really hope they can at least change their recovery policy.
I hope so as well, but only time will tell. Hopefully this will get their attention and bring the change Skype Support needs so despriately.
Also, this thread has over 1,400+ views in 2-3 hours.
Here is a news article on the situation as well: http://www.zdnet.com/alert-skype-account-hijack-te