Microsoft advises Skype users to change passwords, as Spoofed messages continue to trouble users
Skype is back in the spotlight once more, and it is not for a good reason.
The Microsoft owned VOIP service, is having a major issue: Spoofed messages.
If you aren’t familiar with the term, Spoofed messages refer to texts which appear to be sent from a known source, but they are not.
And it only gets worse from here, apparently this issue isn’t new. Yes, hard to believe isn’t it? This thread at the Skype Community Forums was created three weeks ago. According to the user this is the problem:
I received a message earlier today from a friend on my contact list whom I don’t normally have Skype conversations with. The link resolves to a Russian/.ru site so I immediately knew I had been duped and closed the window before the page loaded.
As we may speculate, his friend’s account was probably hacked, and that was the cause of such malicious messages, right? Well, no. The user reports that his friend, checked his account but didn’t notice any activity in Skype or in his connected Microsoft Account.
So how is this possible? This isn’t an isolated cause, plenty of users have such issues, and have reported it at the at the Skype forums thread which is now passed 23 pages. All users say that are seeing the exact same message being sent out of their accounts to their contacts.
What is the Redmond Company’s stand on this? A community manager posted this:
Our engineers are still looking into this. Meanwhile we’d recommend everyone to change their account passwords for all your Skype related accounts, i.e. also update your Microsoft account password if you linked that to your Skype account. Here’s how: https://support.skype.com/en/faq/FA95/how-do-i-change-my-password
This was the statement issued two weeks ago, and five days later Skype officially acknowledged the issue on Twitter, says The Register. But the issue continues to plague users. The problem is not at the user end at all.
Some posts at the Skype forums suggest that the issue originated from the recently launched Skype for Web. One post says that a user observed his recent activity and found several instances of “incorrect passwords” and a login traced to his IP address, in Internet Explorer, which apparently he did not use.
But all these reports appear to be ignored by Skype, and no resolution has been announced to fix this major security flaw.
Personally I would advise, unlinking your Microsoft account from Skype, and also enabling two-factor authentication for your MSA. This option is not available for Skype yet. If only the company would fox this security hole.