Skype hack gives Microsoft a black eye, shows why NOT to reuse passwords

The Syrian Electronic Army hacked all of Skype’s social media accounts and accused Microsoft of helping the government spy and monitor our email.

It’s said there is no rest for the wicked, and New Year’s Day had Skype social media managers scrambling to scrub evidence of being hacked off of its Skype blog, Twitter and Facebook accounts. That evidence was planted by the Syrian Electronic Army and accused Microsoft of spying for the “governments.”

After the SEA’s attack, Skype sent out a pair of tweets to its 3 million Twitter followers, warning:

Hacked Skype tweet warns against using Microsoft products

Skype tweet stop spying on people

Those Skype tweets were deleted and then replaced with this tweet: “You may have noticed our social media properties were targeted today. No user info was compromised. We’re sorry for the inconvenience.”

The SEA also hacked the Skype blog:

Skype blog, Facebook, Twitter hacked by Syrian Electronic Army

Hacked Skype blog says don’t use Microsoft products

These posts were mirrored on Skype’s Facebook page before quickly being deleted.

Skype Facebook hacked posts removed

Then reporter Matthew Keys tweeted this screenshot “proof” of the Skype hack sent to him by the SEA.

Screenshot Skype hack

The SEA also tweeted Steve Ballmer’s contact information along with the message, “You can thank Microsoft for monitoring your accounts/emails using this details. #SEA”

Although the SEA has successfully hacked many major companies, the Skype hack seems to be referring to Microsoft’s alleged cooperation with the NSA. Microsoft denied providing backdoor real-time access, but revelations provided by Edward Snowden indicated that the NSA can successfully eavesdrop on Skype video calls. Although Microsoft vowed to protect users from NSA surveillance, the Redmond giant “forgot” to mention Skype in its promises.

As security expert Graham Cluley pointed out, “Chances are that Skype didn’t read my New Year’s resolution advice about not using the same passwords for multiple accounts.”

In fact, Skype seems to have disregarded its parent company’s advice. Microsoft’s Security TechCenter has a post regarding “selecting secure passwords.” Regarding “Password Age and Reuse,” it states:

Users should also change their passwords frequently. Even though long and strong passwords are much more difficult to break than short and simple ones, they can still be cracked. An attacker who has enough time and computing power at his disposal can eventually break any password. In general, passwords should be changed within 42 days, and old passwords should never be reused.

Skype itself has a few password “rules” such as:

A password must:

Be at least 6 characters and not longer than 20 characters.

Contain at least one letter and one number.

Not have any spaces.

Not contain your Skype Name (case insensitive).

Not be a part of Skype Name (case insensitive).

Your password also cannot contain any of the following words:

1234, 4321, qwert, test, skype, myspace, password, abc123, 123abc, abcdef, iloveyou, letmein, ebay, paypal.

However, after the Skype hack gave Microsoft a black eye with spying accusations, it’s a pretty safe bet that whoever controls Skype social media will no longer resuse the same password to protect all of the company’s accounts. And if you reuse the same password on different sites, it would be a great 2014 resolution to change all your passwords, keep them in a password safe, and make sure you don’t use the same one for multiple sites.

 

---

Best Microsoft MCTS Certification, Microsoft MCITP Training at certkingdom.com