Baidu link spam in Skype exposes need to secure your account

Many Skype users have recently reported seeing spam messages with links to Baidu or LinkedIn recently, and it appears the issue isn't a small one. As reported by The Verge, hackers have managed to breach Skype accounts to send spam even when the accounts have been "secured" with Microsoft's two-factor authentication.

Microsoft confirmed the problem in a statement to The Verge, noting that Skype itself was not breached, but hackers obtained account credentials by other means:

"Some Skype customers have reported their accounts being used to send spam," says a Microsoft spokesperson in a statement to The Verge. "There is no breach of Skype security, instead we believe criminals are using username and password combinations obtained illegally to see if they exist on Skype. We continue to take steps to harden the login process and recommend customers update their Skype account to a Microsoft account to benefit from added protections such as two-factor authentication."

Most interesting, however, is that the issue is even affecting those who have linked their Microsoft and Skype accounts together, which should theoretically eliminate the Skype login in favor of your Microsoft account information. However, as noted in the report, it appears that Microsoft still keeps your Skype username and password separate after merging, allowing it to still be used to log in. So, even if your Microsoft account is secured with two-factor authentication, hackers with the right information could still use your old Skype account information to log in and, as is occurring now, send spam to your contacts.

If you previously used a generic Skype account to log in and merged with your Microsoft account, you'll want to secure your account by changing your password. Fortunately, it seems as though you can also fully merge your account to prevent the problem altogether, but the process is slightly more involved. We've put together a guide to get you started.

Have you run into this sort of spam yet? Let us know your experiences in the comments below!

Secure your Skype account

Dan Thorp-Lancaster

Dan Thorp-Lancaster is the former Editor-in-Chief of Windows Central. He began working with Windows Central, Android Central, and iMore as a news writer in 2014 and is obsessed with tech of all sorts. You can follow Dan on Twitter @DthorpL and Instagram @heyitsdtl