Engineering Manager | Trail Runner | Stockholm, Sweden

Skype sending spam

Nasty surprise last Saturday: my Skype account started sending short URLs of weight-loss and phishing sites to all my contacts. A password reset resolved the issue quite quickly, but the bot still managed to churn out more than a hundred and thirty spam links.

No massive harm done; it only generated some traffic to the sites linked. Still, it’s a massively annoying thing. Especially unsettling was to see the messages being sent out while I was trying to figure out what to do. Fortunately, Skype has proper security that logs all instances out once a password is changed. I assume the bot used the API to send messages in my name, and it lost authentication after the password reset.

This is apparently also a good way to reconnect with everyone on your contact list. I’ve changed my status message to warn people, but no one ever reads those, I guess. Since then I’m constantly being sent question marks in response.

Kids, don’t use easily brute-forceable one-word passwords. My only defence in the matter is that Skype is one of my oldest accounts made way back when I was much more ignorant about security.