For the social media team at Skype, 2014 has already become a year they’ll most likely want to forget. Yesterday, the Skype twitter account was hijacked by the Syrian Electronic Army (SEA) leaving behind a tweet which will certainly create some unwanted problems for Skype and Microsoft respectively (the company that owns Skype)
The tweet (shown above) was live for around an hour; their Facebook page was also hacked as well as their blog which displayed a similar message.
With the mystery surrounding the NSA and their surveillance techniques, I expect that a large amount of people will refrain from using Skype from now on.
It’s not clear yet as to how hackers gained access to these accounts, but one of our security experts, Geraint Williams, has given his insight into what he believes happened:
The cause of this hack is mostly due to a sophisticated phishing attack. During the Christmas period, there’s likely to be a decline in staff numbers, leaving those at work with higher workloads, ultimately leading to mistakes. In this case, it appears a member of the Skype team was a victim of a phishing attack and the SEA managed to get hold of some credentials. With the login details obtained, it was only a matter of trying it out on all of Skype’s social media accounts; unfortunately for Skype it appears that they use the same credentials on multiple sites.
As I’ve said many times before, cyber security isn’t just an IT issue. The IT department isn’t responsible for creating passwords for your social media accounts, your marketing team is. If you don’t teach them the basics of information security, then you’re going to leave your organisation vulnerable to attacks.