By using this site you agree to the use of cookies for analytics, personalised content and ads. Read more

Skype Community has moved

You can find the new Skype Community here. For more information please read this post.

Link to "baidu" website sent to all of my contacts.

Routine Adventurer

DiZZyDRVA wrote:

I agree its an uncomfortable situation - and as someone who works in the "field" I understand both sides.

After spending sometime reviewing and discussing with colleagues who ran into a similar issue I calmed down. It bothers me that my Skype account was compromised but my Microsoft Account is the only thing I care about in this situation and ultimately I don't believe that was impacted.

 

Skype had a feature that allowed you to create a password if you had a Microsoft Account created Skype Account for "legacy" devices so somethings with this transition are not as neat as they should be but when the dust settles I hope  it`ll be the annoyance of a Skype login issue rather than a full on back-door vulnerability.

 


My problem is that I have about 6 or 7 contacts in my skype, but they managed to send the Baidu links to contacts from my "Microsoft Account which has 2FA Enabled" and the problem with that is that some of those people's names, aliases, e-mail addresses are not to be exposed in any way for reasons not to be mentioned, but similar cases would end people up in Guantanamo Bay in an US situation.

Flag for a Moderator
Message 181 of 679

The links beings sent out to contacts happened to me just now. It was sent to a few contacts and a contact called 'live', which I have no idea what that is.  I haven't used Skype in over 4 years- not even logged into it. My friend asked why I sent links to her so I requested my pw to log on and change it again. I'm on a Mac and have been for over 4 years. 

Flag for a Moderator
Message 182 of 679
Highlighted
Novel Adventurer

Just happened to me. At the Microsoft account activity page I found lots of records trying to log in into my skype account using my skype name for the last month. When it was successful - messages were sent. Also lots of messages were sent to a new 'live' skype account. I had a strong password.

So, what I think should be done:

1. Change passwords for skype account and for microsoft account.

2. Turn off ability to use your skype name to be able to login (MS account Security settings -> Change sign-in preferences) as two-step verification does not cover skype credentials.

3. Turn on two-step verification if you haven't done it yet.

4. Sometimes monitor suspicious activity at the account activity page.

Flag for a Moderator
Message 183 of 679
Novel Adventurer

Thank you very much Joe128; appreciate that detail.  If you have time/energy,

1. Change passwords for skype account and for microsoft account.

---Changed my Skype password; work on a Mac and Skype page says MS account isn't linked.

2. Turn off ability to use your skype name to be able to login (MS account Security settings -> Change sign-in preferences) as two-step verification does not cover skype credentials.

---As I'm on Mac I am guessing this doesn't apply

3. Turn on two-step verification if you haven't done it yet.

---Have been looking for this setting without success.  If I do find it and change the setting, does this affect people trying to reach me (or vice versa)?

4. Sometimes monitor suspicious activity at the account activity page.

---Not finding that either.  I do block anyone I don't know who asks to connect. 

Thanks to all the folks who help others here.

Flag for a Moderator
Message 184 of 679
Tourist

I got exactly same thing, my Skype sent baidu link to all my contacts. How do I know  from which device it was sent - from my desktop, laptop or phone?

Flag for a Moderator
Message 185 of 679
Novel Adventurer
Got the same problem. My password is (isn't this but is similar to) Apuychiusr39 and has only been used with this account, and the username is different than all accounts I use on other sites. I use Ublock Origin, scanned for viruses and got nothing. I think it's entirely Skype's fault. I changed my password and added 4-6 letters just in case but I bet this was not my fault.
Flag for a Moderator
Message 186 of 679
Casual Tourist

I had the same issue, I pulled out my old Xbox that I hadn't used for 3 years, logged onto my live account and wham, all my contacts where spammed. Sorry SKYPE, to me the issue should be investigated and we deserve more than a stock standard answer.

Flag for a Moderator
Message 187 of 679
Reliable Adventurer

It is not "Skype's Fault" 


SamLapointe wrote:
Got the same problem. My password is (isn't this but is similar to) Apuychiusr39 and has only been used with this account, and the username is different than all accounts I use on other sites. I use Ublock Origin, scanned for viruses and got nothing. I think it's entirely Skype's fault. I changed my password and added 4-6 letters just in case but I bet this was not my fault.

If anyone is at fault, it is the user for not changing their security settings to use their Microsoft Account ONLY and having 2FA enabled.

 

If you do not set that up properly and continue to use a normal skype login and not your Microsoft Account, that is your own fault. Whatever botnet that is currently targeting Skype, is cracking Skype Passwords only, if it cracked your Microsoft Account password then it still would not gain access as long as you have 2FA enabled.

 

Go back a few pages to where my last few posts are, read around there, there's directions on exactly what to do to fix this issue. Don't keep stretching this thread out unnecessarily, we've identified the issue and as a community have offered the solution.

 

Yes for the record, malware can cause this issue too, so always scan first if you have this issue, but also for ****s sake, fix your security settings people. The issue in this case is hacking, from most likely a botnet.

Flag for a Moderator
Message 188 of 679
Casual Tourist

Click on your contact then right click delete conversation.

Flag for a Moderator
Message 189 of 679
Novel Adventurer

amac999 wrote:

Thank you very much Joe128; appreciate that detail.  If you have time/energy,

1. Change passwords for skype account and for microsoft account.

---Changed my Skype password; work on a Mac and Skype page says MS account isn't linked.

 


Skype account and ms account should be linked. Then you will be able to turn off the ability to use your skype login and password to login into skype (they can't be covered by two-step verification). Then you will be able to turn on two-step verification for your account. 

 

amac999 wrote:

2. Turn off ability to use your skype name to be able to login (MS account Security settings -> Change sign-in preferences) as two-step verification does not cover skype credentials.

---As I'm on Mac I am guessing this doesn't apply

 

Doesn't matter what OS you are using. It's just an account (the same like Google account). Two step verification will use text to your mobile or application for android/iOS as an additional security step.

 

amac999 wrote:

 

3. Turn on two-step verification if you haven't done it yet.

---Have been looking for this setting without success.  If I do find it and change the setting, does this affect people trying to reach me (or vice versa)?

 

 

It affects only the way you are signing in into your account. You won't be able to login into your skype app without your mobile phone. Doesn't affect people trying to reach you.

 

amac999 wrote:

 

4. Sometimes monitor suspicious activity at the account activity page.

---Not finding that either.  I do block anyone I don't know who asks to connect. 

Thanks to all the folks who help others here.

 After linking skype and Microsoft account you will be able to see attempts to log in into your account.

 

 

Flag for a Moderator
Message 190 of 679