My Compromised Skype *embarrassed face*

You know it can happen to anyone, right? You load up a program you have not used in a while and BAM! you find you are spamming everyone on your contact list. Today I have turned on *embarrassed face* Skype to find a friend sending me the inevitable 

I guessed something had gone wrong earlier this morning. I had an e-mail from the Microsoft Account Team telling me that my account might have been “accessed” and I should change my password. You know as well as I do that there are many good e-mail scams out there and so I resisted clicking the link and logged into my Microsoft account independently.

Microsoft lets you access the recent recorded activity of your Microsoft account, along with a glossary.

It will ask you to confirm your account by sending an e-mail or a text; to be fair, I found using a text message faster and easier, although – disclaimer time – your mobile phone provider may charge you for it.

Uh-Oh Skype Got Accessed

Now, for the uninitiated, let me give you a hint. If you want to hack my accounts, I am a very firm Marmite person when it comes to anything from Apple… I will only use it under protest.

So as you can see, I have a Skype account, which was accessed from Brazil on Sunday. There you can find the detail of what accessed it and where it thinks that it was; unfortunately, I am not very experienced in tracing the IP to either an ISP or a company.

You will also see I locked down my account before writing this blog. This was because I reacted to the Microsoft e-mail and changed all my passwords before looking at what happened.

A Quick Idea – Check Your Settings!

So what I think my failure might have been was to forget a small setting on my Skype software. Enabled by default – or so it would seem – Skype can load a preview of any web links that are sent. Now this is great if you have a contact list where only your contacts can, err, contact you; but when one gets infected, you can see the inevitable chain reaction.

Skype Settings Preview

So this is what I have turned off. I found it, on my Windows 10 edition of Skype Preview, simply in the first settings page. As you can see I have now turned it off. I am not sure, but I would expect that the Baidu link, which when sent to me even had my username in the URL, was previewed in Skype which somehow gave it access.

Now I Don’t Use Skype

I used to use Skype back in the day when it was popular; I even had one of those funky Skype phones that you plugged into your computer using USB. I don’t use it anymore though; I can easily get a cheap “burn” SIM for a mobile phone and I have a couple of old BlackBerry handsets in the house.

If you must know – an old Torch 9800 (touch screen, with a full keyboard hidden under a slider) and the Z10 (all touch screen) 

So, I really don’t need Skype anymore; I tried to remove it.

Problem 1: Skype is Connected to My Windows Account

Can't Unlink Skype

Problem 2: Cancel Skype and You (Apparently) Cancel Your Whole Microsoft Account

Let's Cancel Everything

Problem 3: I have Windows and Office 365 connected to that Microsoft Account

That is the problem with the joined-up digital infrastructure though: you need to be able to add and remove subscriptions, like my old Xbox Live – unsubscribed for a while – and Office 365.

…. and while I remember

Make sure, for the Meaning of Life, that you have kept your account recovery up to date! With my own problems, I heard from a friend yesterday (he is probably now thinking “That pillock is no friend of mine”) that he was spending his evening on Microsoft Live Chat because he could not get into his account… and his recovery e-mail was now defunct.

I feel; been there on other accounts before and had an ex-girlfriend’s name as the recovery password.

Update: The great customer service at Microsoft meant that in order to recover access to the Microsoft account, my friend had to buy the expired domain and re-create the recovery e-mail. Additional cost for what should be an easy-to-solve problem.

So In Conclusion

  • Check your Microsoft / Apple / Android activity
  • Change your passwords regularly (I do that at least once a year anyway)
  • Don’t click on Skype links from me
  • Turn off Web Preview (for every damn thing)

*embarrassed face*