Many Skype users have recently reported seeing spam messages with links to Baidu or LinkedIn recently, and it appears the issue isn't a small one. As reported by The Verge, hackers have managed to breach Skype accounts to send spam even when the accounts have been "secured" with Microsoft's two-factor authentication.
Microsoft confirmed the problem in a statement to The Verge, noting that Skype itself was not breached, but hackers obtained account credentials by other means:
Most interesting, however, is that the issue is even affecting those who have linked their Microsoft and Skype accounts together, which should theoretically eliminate the Skype login in favor of your Microsoft account information. However, as noted in the report, it appears that Microsoft still keeps your Skype username and password separate after merging, allowing it to still be used to log in. So, even if your Microsoft account is secured with two-factor authentication, hackers with the right information could still use your old Skype account information to log in and, as is occurring now, send spam to your contacts.
If you previously used a generic Skype account to log in and merged with your Microsoft account, you'll want to secure your account by changing your password. Fortunately, it seems as though you can also fully merge your account to prevent the problem altogether, but the process is slightly more involved. We've put together a guide to get you started.
Have you run into this sort of spam yet? Let us know your experiences in the comments below!
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.