Skype account hijack vulnerability fixed

The folks over at Microsoft (who now owns Skype) fixed a bug earlier today that potentially would have allowed anyone to hijack a Skype account simply by knowing the e-mail address the account was associated with. Apparently the vulnerability was found at least 3 months ago by a Russian researcher who claims that many users were affected. I'm not aware of any procedures in place to reclaim a Skype ID that was hijacked, but if anyone knows of one, please let us know either by leaving a comment or contacting us via the contact page. Trend Micro[1] has a pretty good writeup, so I won't rehash the whole thing here, and Microsoft has responded[2].




Jim Clausing, GIAC GSE #26
jclausing --at-- isc [dot] sans (dot) edu



Nov 14th 2012
