Support NeoGAF

TimFL · Nov 5, 2016

Has anyone else had their MS Account accessed via their Skype account name login? Happened to me overnight (completely ignoring my 2FA setting, login from Chile) prompting me to reset my Microsoft account password.

Other people on the XB1 subreddit have the same issue. Some claim their XB1s were accessed.
The issue is being investigated according to Major Nelson.

You can untick your Skype account name from being a valid login credential here (not sure if it helps): Click me

LilJoka · Nov 5, 2016

Can you detail exactly what you think happened?

Edit: looks like major nelson replied so this will be looked into, rightfully so.

Lockjaw333 · Nov 5, 2016

I had a friend tell me my Skype account was sending him weird links.

I never, ever use Skype.

I went ahead and changed all of my Windows login passwords, as well as all of my other passwords just as a precaution.

TimFL · Nov 5, 2016

LilJoka said:
Can you detail exactly what you think happened?

I can only detail what happened to me: someone used my old Skype account login (I merged my Skype account with my MS account back in the W8 days) without triggering the 2FA of my MS account.
They then proceeded to spam my Skype contact list with spam links.

The subreddit thread link in the OP shows that a lot of people experienced the same issue in the last week.

im_dany · Nov 5, 2016

Saw the post earlier, went to check the website and noticed I had someone from Gabon, Haiti and Philippines failing my password. Turned it off because I don't even remember the Skype password

CorrisD · Nov 5, 2016

Someone logged into my account the other day triggering a password reset and a bunch of emails and notifications that someone had gotten into my account. And not with my email either, it was an older log in name too, this must have been how they got in?

Whoever it was logged in from Venezuela though. Turned off my Skype log in as suggested which it the name they logged in with, I can't even remember when I signed up for Skype.

Caayn · Nov 5, 2016

Mhhh, I can see two failed login attempts from Vietnam and China, one via Skype and one via POP3/IMAP.

I've got two factor enabled and use an alias to login.

Goldenhen · Nov 5, 2016

Lockjaw333 said:
I had a friend tell me my Skype account was sending him weird links.

I never, ever use Skype.

I went ahead and changed all of my Windows login passwords, as well as all of my other passwords just as a precaution.

Exactly the same as you as this happened to me last week.

Fliesen · Nov 5, 2016

Lockjaw333 said:
I had a friend tell me my Skype account was sending him weird links.

I never, ever use Skype.

I went ahead and changed all of my Windows login passwords, as well as all of my other passwords just as a precaution.

same here, my Skype account (that i haven't been using for like ... 5 years now) had been used to send some weird baidu.com links to EVERYONE on my contact list.

I removed those links and changed my password. I just assumed that, since my skype acc used the same passwort that either my myspace or my dropbox acc used, that one of those leaks gave them access.
Have been using non-reused passwords for all of my accounts for a while.

runningjoke · Nov 5, 2016

So that's what that was, got an email and text in the middle of the night that some weird activity was happening on my account. Logged in and saw someone accessed my account from Beijing. I went full paranoid and formatted 3 PCs thinking one of them may have had a virus.

Were they just out to spam links to skype contacts? If so I don't care much. I just hope they didn't access my email or OneDrive

Shpeshal Nick · Nov 5, 2016

I went into my security settings and it seems Skype isn't a login option for me. I must have removed it years ago.

runningjoke · Nov 5, 2016

On skype.com account settings there is an 'unlink' button for your microsoft account, but if you click it it says 'This service is currently unavailable.' Get this fixed ASAP

TwIsTeD · Nov 5, 2016

Had the same happen to me via Skype alias login - it looks like they only had access to Skype and the only reason we even noticed was someone at Microsoft thought it was a good idea to let us login with our Skype username with all services so it now triggers security alerts. The fact it circumvented 2nd Factor is awful. I turned off the alias login but still a little pissed they enabled that by default for everyone last month.

Xyber · Nov 5, 2016

Oh, so this is why I've had a few people send me those obvious spam links recently on Skype.

epmode · Nov 5, 2016

runningjoke said:
On skype.com account settings there is an 'unlink' button for your microsoft account, but if you click it it says 'This service is currently unavailable.' Get this fixed ASAP

Same thing happens to me. I never, ever use Skype so I don't care if it's removed from my MS account.

edit: I see a few failed logins from China over the last month. Good times. Ah well, I use a long, unique, randomized password with 2FA.

atomsk · Nov 5, 2016

Going to skype.com to "unlink" your Microsoft account gives this error message...

FinKL · Nov 5, 2016

atomsk said:
Going to skype.com to "unlink" your Microsoft account gives this error message...

Yea that link you linked above shows my email grayed out so I can't unlink it. I've had my Skype pw turn into my Live password so I reset my Skype and little did I know it went ahead and changed my live pw too. This was maybe a month or two ago

Support NeoGAF

PSA: Potential new login method to bypass Microsoft 2FA by using Skype account logins

TimFL

Member

LilJoka

Member

Lockjaw333

Member

TimFL

Member

im_dany

Member

CorrisD

badchoiceboobies

Caayn

Member

Goldenhen

Member

Fliesen

Member

runningjoke

Member

Shpeshal Nick

aka Collingwood

runningjoke

Member

TwIsTeD

Member

Xyber

Member

epmode

Member

atomsk

Party Pooper

FinKL

Member

Similar threads