Your Skype Account Can Be Easily Hijacked, Says A Guy Who Was Hacked Six Times In One Day

FlickrIt is painfully easy for hackers to hijack your Skype account and then use it to spam your Skype contacts, says a guy who had his Skype account stolen six times in one day.

Over the weekend, "Dylan," aka @TibitXimer on Twitter, a self-proclaimed security researcher/hacker, contacted Skype when he discovered his account had been hijacked. Skype asked him a few basic questions and then reset the account.

The problem is that those same easy-to-answer questions are what allowed spammers to hijack his account in the first place.

When someone contacts Skype to say they want a new email address and password, Skype asks people to tell them things like naming three to five Skype contacts, giving them an email account used with Skype, or giving a first and/or last name, Dylan explained.

He says it's easy for a hacker to learn those things, call Skype and gain control of the account.

After the sixth time he had his account stolen on Saturday, Dylan posted a message to the Skype help forum and started Tweeting about it:

Other people tweeted about getting their Skype accounts hijacked, too.

Skype fixed the problem with Dylan's account, it says, but it's unclear if they will change their support policies to make it harder to get a Skype account reset.

We've heard back from Skype PR who denies that its easy for hackers to grab Skype accounts this easily. "We have been making ongoing enhancements to help protect customers. We have processes in place that would help protect against password reset scenarios such as this," Skype said in an emailed statement.

Skype also suggests that people use an account that supports two-step verification and use that to log into Skype, such as a Microsoft account. It verifies changes to the account by sending an email to another account or a text to a phone number.