Wednesday, June 15, 2016

Skype identity theft feature: anyone can use your email to create an account.

Skype doesn’t validate email addresses. Anyone can use any email address with a new Skype account as long as there’s no Skype account already associated with it.

This is not a new problem. It’s astounding that Microsoft has not fixed this.

Today Emily received notice of a new Skype account using her email address. I verified that the account existed.

To fix this I had to attempt to create a new Skype account with her stolen email address. That gave me a password reset option that went to her email. I reset the password and now she has a Skype account under her control. She doesn’t want that account, but we’ll need to keep it for now.

Obviously scammers are doing this for some kind of criminal activity — and that activity will be associated with your email address.

This is the most astounding example of rank incompetence I’ve seen in years. Microsoft has truly hit bottom. 

Update: Same thing with a Facebook account. Which is curious. Report that one here.

No comments:

Post a Comment