Apparently, Microsoft has been facing some challenges of integrating Skype as users have had their accounts compromised several times already since Microsoft has taken over Skype.
The most recent such case is from August, 2016 and it involves the distribution of a weird message on Skype with a link to Baidu or LinkedIn from someone who is in the victim’s contact list. The compromised message quickly infected thousands of users, but according to Microsoft, breach of Skype security was not the case:
“There is no breach of Skype security, instead we believe criminals are using username and password combinations obtained illegally to see if they exist on Skype. We continue to take steps to harden the login process and recommend customers update their Skype account to a Microsoft account to benefit from added protections such as two-factor authentication.”
Breached or not, Skype apparently might not be as secure as users think. This year’s attack has significantly grown in size and all that while users blindly believe they are protected by Microsoft’s two-factor security.
What is Microsoft’s two-factor security?
Microsoft’s two-factor security may sound like a double protection, but in reality it’s not quite so. In essence, Microsoft offers the option to link your Skype and Microsoft account together claiming that option would make your login easier and the security – stronger. If you already linked your Skype and Microsoft accounts together months ago, Microsoft has also kept your old Skype account password separate just in case you still want to access your Skype with your original login details. However, in case that old password is not secure enough or you use it on other accounts as well, then hackers can easily gain access of your Skype account, thus bypassing the “two-factor authentication” in question.
What Should You Do?
Whether your Skype account has been already hacked or not, you must secure both the Skype and Microsoft accounts immediately. According to TheVerge.com,
Once the two accounts are properly merged, Microsoft creates a Skype alias to let you keep signing in with a Skype username. You can continue using this or disable it under the aliases preferences to ensure nobody can try to sign in with your Skype username. Either way, you won’t be able to use your old Skype password anymore, and attackers will have to know the email address associated with your account.
This entire process seems messy, but it appears to be the best way to secure your Microsoft account. If you’ve already linked a Skype username then I would suggest doing this extra merge process immediately, to secure your account. If you haven’t linked Skype and Microsoft Accounts at all, then you should be safe to link and merge with the new process.