My Skype account was hacked, it was sending spam containing Baidu links

I consider myself quite “hack proof” when it comes to the web. I use a password manager and I don’t use the same passwords (but I used to). I never open files that I receive in mail. If I need to do something really critical, I have a virtual machine that I boot up that runs plain Linux with no extras installed. But still I got hacked… how is this possible?

Background

Last Friday around 14:45 while working on my Mac, I suddenly started to get messages from many of my contacts saying: “What is this link?”, “Hi JP, long time…”
I started to look at previous messages and I saw a link to Baidu. I panicked. I signed off from Skype immediately and started to think: what the h…. has happened? My first thought was malware. But I had not installed anything special recently. Still, I immediately started a full virus scan and took the computer off the web. I opened my Windows machine and started to Google for answers. The strange thing was that I was not allowed to delete the Baidu links from my message history. Usually in Skype I am able to delete messages I sent. This sounded fishy, as it looked like it was not actually “me” who sent those messages.

So what happened?

After Googling, I found many comments and posts online, dating all the way back to 2015, from people having a similar experience with Skype. One of the best threads I was able to find was in the Skype forum, in the Security, Privacy, Trust and Safety channel.

It turns out Skype and Microsoft have a critical issue: hackers are able to log in to our Microsoft accounts using the Skype name and password, without two-factor authentication. This applies to all “non merged” accounts (remember, Microsoft bought Skype and then decided to merge logins with Microsoft). Skype logins are added to the Microsoft account as a login option without informing people, and are enabled by default.

I was using my @outlook.com account to log in to Skype on my computers and phone. But the original Skype username “jpkeisala” was still enabled with full access, and I had not changed the password of that username for ages. This same username used to be one that I was using for many services back in the day. So I looked at which sites have been hacked on https://haveibeenpwned.com/ and https://www.leakedsource.com/ and yes… quite a few.

OK, now I was sure that this was not malware but hacking. So I went to check https://account.live.com/Activity for suspicious activities and report to the support page.

[Image: skype-hacked-from-buenos-aires]

Bingo! I have not been to Buenos Aires, Argentina. Someone is using my login.

So, now I have to change my password and find out how to avoid this in the future.
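
The sign-in review described above can be scripted once the activity is in tabular form. This is an added example, not part of the original post: the CSV columns, alias names, country codes and rows are constructed for illustration and do not reflect a real Microsoft export format.

```python
import csv
import io

# Constructed sample data. The column layout is an assumption made for this
# example; it is not a real Microsoft export format.
SAMPLE_ACTIVITY = """\
timestamp,alias,alias_type,country,result
2024-01-02T07:55:10Z,owner@outlook.example,email,DE,success
2024-01-03T22:14:02Z,old_skype_name,skype_name,RU,failure
2024-01-04T03:40:51Z,old_skype_name,skype_name,CN,failure
2024-01-04T12:44:37Z,old_skype_name,skype_name,AR,success
2024-01-04T12:58:03Z,owner@outlook.example,email,DE,success
"""


def triage(activity_csv, expected_countries, primary_alias_types=("email",)):
    """Classify each sign-in and list the legacy aliases worth disabling.

    expected_countries: countries the account owner actually signs in from.
    primary_alias_types: alias types the owner still uses on purpose.
    """
    findings = []
    aliases_to_disable = set()
    for row in csv.DictReader(io.StringIO(activity_csv)):
        foreign = row["country"] not in expected_countries
        legacy = row["alias_type"] not in primary_alias_types
        succeeded = row["result"] == "success"
        if foreign and succeeded:
            verdict = "compromised"  # someone else signed in
        elif foreign:
            verdict = "probe"        # failed attempt from an unexpected place
        elif legacy and succeeded:
            verdict = "review"       # old alias still works, even from home
        else:
            verdict = "ok"
        # Any old alias that attracts attempts is a sign-in path to switch off.
        if legacy and verdict != "ok":
            aliases_to_disable.add(row["alias"])
        findings.append((row["timestamp"], row["alias"], row["country"], verdict))
    return findings, sorted(aliases_to_disable)


if __name__ == "__main__":
    results, disable = triage(SAMPLE_ACTIVITY, expected_countries={"DE"})
    for entry in results:
        print(*entry)
    print("Aliases to disable:", disable)
```

Failed attempts against an old alias from several countries, followed by a success, is the pattern to look for; the alias column tells you which sign-in option to turn off.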

Solution

Based on my empirical investigation, you (probably) don’t have malware or a virus; your username and password have been hacked, and the spam links are sent from the web and not from your computer. You need to reset your password on Microsoft and deselect Skype name.

Secure your account

  1. Log in to https://account.microsoft.com with your Microsoft Account
  2. Go to “Security and Privacy”
  3. Under “Account Security”, select “More security settings”
  4. Under “Sign-in preferences”, select “Change sign-in preferences”
  5. Deselect “Skype name”
  6. Press [Save]
  7. And if not already done, enable “Two-step verification”
  8. At https://account.microsoft.com/, change your password.

Clean up spam messages

To clean up the spam sent to your contacts, you can go to web.skype.com; it’s possible to delete messages there. I had ~200 contacts and I had to clean them up one by one. Phew…

I will update this post if I still have issues.

10 thoughts on “My Skype account was hacked, it was sending spam containing Baidu links”

  1. I had exactly the same crap happen to me however I have 2FA Enabled!

    Personally, I think there is some zero day or serious vulnerability that they are not aware of. Especially being they were able to bypass 2FA.

  2. Excellent report. Thanks. Got this Baidu link over Skype from a friend a moment ago. Your conclusion sounds likely. The friend’s account has afaik been inactive for years (like closer to 10 years) and probably has weak credentials. I’ll block and inform him. Surprising that Skype lets this through.

  3. Hello Sir,
    Thank you so much for the post.
    I faced this exactly as documented for my Skype account.
    Regards,
    Narender

  4. Thank you so much sir. Searched and searched trying to find out how I could delete the messages until I found your solution!

    I still can’t believe this happened. I had 2FA enabled and due to the Skype login information still being there they were able to bypass it!

    Thanks again!

  5. This just happened to me as well. But I don’t think you’re right about the two-step verification and Microsoft being the catalyst. I don’t have or use any Microsoft hardware or software. I don’t use Outlook or any type of mail software on my computer. And despite my password being a difficult one which I changed a week ago, I still was hacked today. I think this is a serious problem that Skype has and is not anything I’ve done. I only use my personal computer at home for all the work I do.

  6. And just to add, none of my emails or accounts have been pwned. (I checked on haveIbeenpwned.com.) The password I used for my Skype is only identical to one of my emails. There are only two sources to be hacked. I think this is just an internal issue with Skype.

  7. You saved me from so much possible embarrassment. I have now deleted 100+ of those filthy messages. Apparently there was a sign in from China today, one from Russia yesterday.
