Syrian Electronic Army Hackers Hit Skype

Members of the Syrian Electronic Army recently compromised the official Twitter, Facebook and WordPress accounts for Skype (h/t Sophos).

On Skype's Twitter account, the hackers posted, "Don't use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments. More details soon #SEA"

On their own Twitter account, the hackers also posted what they claimed were Microsoft CEO Steve Ballmer's e-mail address and phone number, writing, "You can thank Microsoft for monitoring your accounts/emails using this details."

Soon after, Microsoft regained control of the Skype Twitter account and stated, "You may have noticed our social media properties were targeted today. No user info was compromised. We're sorry for the inconvenience."

As Sophos' Chester Wisniewski notes, the nature of the attack seems to indicate either that the same password was shared between the three social media accounts or that a Skype employee's e-mail account was compromised -- and more importantly, it indicates that Microsoft isn't using two-factor authentication on its social media accounts.

"I believe it is the responsibility of organizations with a large number of followers to do whatever they can to secure their profiles," Wisniewski writes. "I suppose this can be a lesson to the rest of us. Take advantage of the safety net of two-factor authentication whenever possible. While it may be less than perfect, so are you."