I can confirm that I am seeing failed login attempts against my live account using my Skype Alias.

Edit: Just in case you do not know how to unlink the account go to and log in there, at the bottom of the page is an "account settings" option under which you will have the option to unlink your live account. You can see that ( ) clearly states you can use your Skype username to log in (I just didn't realize your old Skype password would work, too!) You can clearly see it was compromised nearly 3 weeks ago - the sign in attempts were all targeting my Skype username alias. I understand Microsoft wanted to make the merge seamless, but this just feels like a glaring security hole (circumventing 2FA just blows my mind).

EDIT: ( ) of my recent account activity on this Microsoft account. Once you do that, your Skype username (and old Skype password) cannot be used to log in to your Microsoft account. The fix is very simple (as pointed out in the article above) - just go to your Microsoft account security settings and disable your Skype username in "alias preferences". Just wanted you to be aware of this risk and hopefully help at least one other person protect their account. I probably could have prevented this if I had read this article last month: I'm reading reports online now that other users are seeing their accounts compromised via old Skype credentials even though they have 2FA enabled on their MS/Live account! I find it a bit frustrating that, although I had good security practices in my Microsoft account (unique complex password that changed frequently), an attacker was able to use my old Skype login credentials to gain full access. Someone was able to use my old Skype credentials to gain full access to my Microsoft/Live/Outlook account. I haven't used Skype in over 5 years, and I'm positive my Skype credentials were very weak, reused on other sites, and very likely included in some of the more recent "password dumps" online.
The point of entry was apparently a very old Skype account that must have been linked to my Microsoft account when they merged. I have a Microsoft Live account with a unique 20 character password that was just fully compromised this afternoon, including IMAP sync, etc.