It's said there is no rest for the wicked, and New Year's Day had Skype social media managers scrambling to scrub evidence of being hacked off of its Skype blog, Twitter and Facebook accounts. That evidence was planted by the Syrian Electronic Army and accused Microsoft of spying for the "governments."
After the SEA's attack, Skype sent out a pair of tweets to its 3 million Twitter followers, warning:
Those Skype tweets were deleted and then replaced with this tweet: "You may have noticed our social media properties were targeted today. No user info was compromised. We're sorry for the inconvenience."
The SEA also hacked the Skype blog:
These posts were mirrored on Skype's Facebook page before quickly being deleted.
Then reporter Matthew Keys tweeted this screenshot "proof" of the Skype hack sent to him by the SEA.
The SEA also tweeted Steve Ballmer's contact information along with the message, "You can thank Microsoft for monitoring your accounts/emails using this details. #SEA"
Although the SEA has successfully hacked many major companies, the Skype hack seems to be referring to Microsoft's alleged cooperation with the NSA. Microsoft denied providing backdoor real-time access, but revelations provided by Edward Snowden indicated that the NSA can successfully eavesdrop on Skype video calls. Although Microsoft vowed to protect users from NSA surveillance, the Redmond giant "forgot" to mention Skype in its promises.
As security expert Graham Cluley pointed out, "Chances are that Skype didn't read my New Year's resolution advice about not using the same passwords for multiple accounts."
In fact, Skype seems to have disregarded its parent company's advice. Microsoft's Security TechCenter has a post regarding "selecting secure passwords." Regarding "Password Age and Reuse," it states:
Users should also change their passwords frequently. Even though long and strong passwords are much more difficult to break than short and simple ones, they can still be cracked. An attacker who has enough time and computing power at his disposal can eventually break any password. In general, passwords should be changed within 42 days, and old passwords should never be reused.
Skype itself has a few password "rules" such as:
A password must:
Be at least 6 characters and not longer than 20 characters.
Contain at least one letter and one number.
Not have any spaces.
Not contain your Skype Name (case insensitive).
Not be a part of Skype Name (case insensitive).
Your password also cannot contain any of the following words:
1234, 4321, qwert, test, skype, myspace, password, abc123, 123abc, abcdef, iloveyou, letmein, ebay, paypal.
However, after the Skype hack gave Microsoft a black eye with spying accusations, it's a pretty safe bet that whoever controls Skype social media will no longer resuse the same password to protect all of the company's accounts. And if you reuse the same password on different sites, it would be a great 2014 resolution to change all your passwords, keep them in a password safe, and make sure you don't use the same one for multiple sites.
Like this? Here's more posts:
- Lulzy Christmas: Hackers buy presents for the poor with gov't officials' credit cards
- How Microsoft invented, or invisibly runs, almost everything
- How to customize Windows 8.1 Start screen and keyboard shortcut tricks
- Drivers beware: Roadblocks where cops collect 'voluntary' blood and saliva samples
- Microsoft fails to mention Skype in promises to protect users from NSA surveillance
- 300-pound crime-predicting mobile robot: Crime-preventing precog or 'R2D2's evil twin'?
- Porn-surfing corporate bosses infect networks, then keep data breaches a secret
- How to change Windows 8.1 to local account with no Microsoft email account required
- Stressed out? Virtual nature via Microsoft's new 3D Photosynth will soothe you
- President's Review Group recommends reforming the NSA so we have security AND privacy
- Privacy plays an important part in cloud predictions for 2014
Follow me on Twitter @PrivacyFanatic
Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. Smith has a diverse background in information technology, programming, web development, IT consulting, and information security. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.
Smith is an independent contractor and is not affiliated with any vendor that makes or sells information technology.
Policy on comments: Respectful discussion is welcomed! However comments that use inappropriate language, consist of name calling or personal attacks, or include accusations of wrongdoing are not appropriate. Those comments will be deleted or edited