Oh dear oh dear oh dear.
It may be a brand new year, but clearly the Syrian Electronic Army are not turning over a new leaf – with Skype the latest victim of the notorious hacking group.
Earlier today, the Skype blog was compromised by the SEA, who posted a series of messages.
Skype’s official Twitter account, followed by over three million people, was also hijacked by the hackers who posted a series of messages related to the ongoing NSA surveillance controversy.
Don’t use Microsoft emails (hotmail,outlook). They are monitoring your accounts and selling the data to the governments.
That’s particularly embarrassing, of course, when you remember that Skype is actually owned by Microsoft.
Chances are that Skype didn’t read my New Year’s resolution advice about not using the same passwords for multiple accounts.
In all likelihood, the publicity-seeking Syrian Electronic Army managed to trick Skype’s social media team into handing over a password via a targeted phishing attack, unlocking both access to the service’s blog and Twitter account.
(There are also reports, by the way, that Skype’s Facebook page was also compromised briefly – which adds more fuel to the fire that Skype screwed up by committing the cardinal sin of using the same password for different sites).
Alternatively, it’s possible the SEA managed to phish the password for a Skype employee’s email account, and from there gathered information about how to log into the various social media accounts.
Maybe Skype’s team would be sensible to investigate solutions such as two factor authentication, and ensure it is using unique passwords in future.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.