Skype Account Hacked: How-To Geek's Experience & Lack of Support

Skype Account Compromised: A Security Breach

I received a notification from Skype late last night via email, informing me that my registered email address had been successfully altered to thegeek@cock.li. The email prompted me to review these changes within my account settings. However, I had not initiated any such modifications.

Important Update:

Thanks to the assistance of Jon Galloway, who proactively contacted relevant parties on my behalf, I was able to regain access to my Skype account. While this outcome is positive, continued vigilance is crucial. This single recovery doesn't guarantee immunity from future attacks.

I sympathize with those who have experienced similar account compromises but lack the visibility of a public platform like HTG. To mitigate the risk of this happening to you, it is essential to activate two-factor authentication for all your online accounts and employ robust, unique passwords.

The details of this incident are outlined below…

I was awakened during the night due to our baby’s teething discomfort and checked my email before attempting to return to sleep. It was then that I discovered the aforementioned notification. My initial action was to attempt logging into Skype, but this proved unsuccessful.

The password had been altered, and I was unable to initiate a password recovery process as the associated email address had also been changed. Consequently, control of the account had been seized by an unauthorized party.

My Skype account was secured with a complex, unique password. This raises the question of how the hacker gained access and subsequently changed the email address to effectively lock me out.

The most plausible explanation is that Skype support inadvertently granted access to the account.

Related: The Importance of Two-Factor Authentication (2FA)

While I lack definitive proof of Skype’s involvement, I still maintain control of the original email address, which was protected by a lengthy and unique password exclusively used for that account. There is no record of a password reset request or any similar activity. Therefore, alternative access methods remain unclear.

It’s important to note that Skype offers two-factor authentication for accounts linked to a Microsoft account. However, this particular Skype account predates the Microsoft account integration and did not benefit from this added security layer.

Preventative Measures

• Enable Two-Factor Authentication: Activate this feature on all accounts that support it.
• Strong Passwords: Utilize long, complex passwords that are unique to each account.
• Monitor Account Activity: Regularly check for any unauthorized changes or suspicious activity.

Protecting your online accounts requires a proactive approach. Implementing these security measures can significantly reduce your vulnerability to hacking attempts.

The situation highlights the importance of robust security practices and the potential vulnerabilities within older account systems.

A Renewed Social Engineering Attempt Targeting Our Servers

Related: Understanding Social Engineering and Protective Measures

Upon discovering unauthorized access and initiating account recovery procedures, unusual communications began appearing on Slack. Our content creators reported conversations that I had not participated in.

The perpetrator, who still maintains access, was actively employing social engineering tactics. The goal was to deceive HTG writers into divulging sensitive SSH account credentials or granting access to our WordPress installations.

Previous Security Challenges

We have faced numerous threats and hacking attempts over the past year. Previously, our defenses had successfully thwarted these efforts.

This incident marks the first instance where an attacker successfully breached our security perimeter and gained access to a system.

The Attack in Action

The attacker engaged in extensive dialogue, but fortunately, Chris Stobing recognized the deception and did not comply with the requests.

The messages were remarkably persuasive, and all contacts on my list received similar attempts at manipulation.

Account Recovery Failure: Skype's Unresponsive Support

Despite clear evidence of a compromised account, Skype has proven unable to resolve the issue and restore access. The hacker’s chosen email address, "thegeek@cock.li," demonstrably indicates unauthorized control.

A detailed account recovery request was submitted through the official Skype website. This included comprehensive information intended to verify ownership and reverse the malicious alterations.

Identity Verification Issues

However, the response received indicated an inability to verify the user’s identity. Consequently, Skype declined to even investigate the account’s status.

The original account was established several years prior, and the initial registration email remains accessible. Precise creation dates and other pertinent details were provided.

A lack of a linked credit card was noted as a potential complication. More crucially, continued access to the original email account used for signup was confirmed. This raises questions about Skype’s security protocols.

The core question remains: why is account recovery proving impossible under these circumstances?