
Skype support security issue, scammers easily steal accounts

Skype is undeniably a very useful service: it makes internet calls free. Over a couple of years, it evolved into the best VoIP provider in the world, allowing users to communicate with peers by voice using a microphone, by video using a webcam, and by instant messaging over the internet. But the Luxembourg-based company, now part of Microsoft, is falling short on security in some respects.


In a post in the Skype community, a user named “ximer” describes how poor the security of Skype's support team is. He claimed his account was stolen 6 times in under 24 hours.

How is it possible? How can anyone steal your Skype account with just the following?

  1.  3-5 of your contacts on skype
  2.  1 email you’ve used on skype at any point
  3.  your first and/or last name

“That’s it. It’s extremely simple. My skype was stolen 6 times in one day,” the Skype user said.

“Skype support never saw anything wrong with that. It was stolen around 3pm on the first day. I recovered it through skype support with just the information listed above within 30 minutes. In less than 2 hours after recovering my account, it was stolen by another person,” he stated in detail.

“Due to my account being stolen (not hacked) through skype support (because Skype support didn’t verify if the person owned the account or not, just wanted those 3 points mentioned above) my account was used to scam people out of hundreds of dollars along with damaging my reputation for my product’s security due to thinking I had low security on my skype account or email address, when in reality, it was Skype Support’s fault my account was stolen, multiple times, and had nothing to do with End-users (me in this case),” he added.


One of Ximer's friends did recover his account and tried to alert support, but the company did not seem to be paying attention.


More screenshots:

http://i.imgur.com/IkZj4a7.png
http://i.imgur.com/n4nNvtd.png
http://i.imgur.com/aUbOFdS.png

Mr. Ximer urged users to be aware of Skype’s current policy on securing accounts, and questioned why Skype does not have any of the following:

– Security Questions
– 2-factor Authentication
– Good Support that looks into these issues
– Support that can understand plain English and follow through with the request correctly instead of mistaking my clear request for something different.
– 24/7 support
– A real security policy to actually verify ownership of accounts


The victim then left a message, “This issue has cost me time, money, and hurt my business reputation as well as I did some support for customers through skype, the skype account was being used to scam people out of money by the person who had stolen my skype because Skype Support did NOT verify ownership of the account appropriately.”

 

About Clifford Trigo

I am Clifford Trigo a proud Boholano / Pinoy / Filipino Web App Security Researcher. Day by day, I'm learning new things :)) Visit my Hackerone Profile, currently at top 2 overall :D