Skype has a hole in its security through which anyone can gain access to anybody’s Skype account. The hole was revealed by a user whose account was hacked more than 5 times in a day, after he tried to recover it through a simple process that anyone can use to hijack any Skype account.
The process is really simple: you just have to connect with Skype Support, and they will ask you only 3 questions, which are really simple and which anyone can answer by using some social engineering.
The simple questions that the Skype support representative asks:
- 3-5 of your contacts on Skype
- 1 email you’ve used on Skype at any point
- Your first and/or last name
Screenshot taken by the user when the Skype support representative asked him some simple questions and successfully verified his account, which anyone can do:
After answering these questions you will get access to anyone’s Skype account. Here is the personal experience of the user who revealed this hole in Skype's security:
My Skype was stolen 6 times in one day. Skype support never saw anything wrong with that. It was stolen around 3pm on the first day. I recovered it through Skype support with just the information listed above within 30 minutes. In less than 2 hours after recovering my account, it was stolen by another person. The Skype then was recovered by a friend of mine while I was at dinner. When I got back and changed the info to my own again, it was stolen later that evening. Another friend recovered it for me and tried to keep the scammer out of my account.
Picture 1: http://www.hackersnewsbulletin.com/wp-content/uploads/2013/04/eWaDMTI2.png (Some personal info removed)
They did at least ask me if I had purchased premium in the past that time; however, it wasn’t even me. It was a picture from the chat my friend had with support while I was asleep. He just used my name, email, 5 people he knew I had added on Skype since I had over 800 contacts, and a random month (he used March 2013; I was not a Skype premium customer at that time and haven’t been since last November).
Picture 2: http://www.hackersnewsbulletin.com/wp-content/uploads/2013/04/HSvS5of.png (Partial Names blacked out)
In this chat he was trying to alert support about it; they didn’t really pay attention or understand what he was saying.
Skype must take some steps to increase its security, as others do (security questions, 2-factor authentication, and many more).
The user who revealed this (@TibitXimer)