kvakkefly | 2 years ago

My Skype account was hacked many years ago. It started with me getting an email about some credits being added (from my credit card that was in the system).

When I logged onto Skype, I had a new name, and a new contact, both of which were Ivan something. I immediately started chatting with Ivan, who told me that there was a weakness in the Skype login security, which he tried to exploit.

I changed my password to another Medium to Strong password, and a few minutes later my name was again changed to “Anders xoxo Hafreager”, and a message that he had hacked me again.

I still don’t know what he did or how he did it.

fl0ki|2 years ago

Check if you have an old email or phone number tied to the account. Attackers can get Microsoft to send one-time codes to them, no matter what else you have set up on the account. Worse, it seems this feature was added some time ago and every account was automatically opted into it.

I was getting dozens of one-time code emails per day caused by login attempts via what must have been Tor. None of them were successful logins, but it got me worried. They seem to have stopped after I reworked my account's requirements to include OTP, but now every couple of days my Skype app posts an error that it couldn't log in, when it is clearly logged in just fine. Even that OTP can't be a standard one; it has to be Microsoft Authenticator.

Microsoft has been improving in a lot of ways lately but this is not just embarrassingly bad, it's substantially worse than it was a few years ago.

dboreham|2 years ago

MS didn't invalidate the token he had when you changed the password?