This afternoon, we were notified by two of our very well informed associates that they had received a link to nasty malwares from an (in this case, old and dormant) personal Skype account.
Upon investigation, it appears that the account has not been accessed remotely, although the advice from Skype is to ‘Change your password and update your antivirus’.
Knowing that this account has not been used for years, we tried to change the password, to be greeted with this message:
Following two chat conversations with Microsoft support, it seems that Skype has a very big, live issue with spam coming via registered accounts (without login), which is also (maybe) disabling password changes (API tomfoolery?).
During the online chat, which by the way does not use Skype and you cannot upload images, we were confronted with a wall of disinformation, with a few very worrying updates:
I completely understand that. Thank you for sharing your concern. I know the situation is quite troubling and I appreciate you calling it to our attention. We’re serious in protecting our users’ account security. Please be informed that we are currently having an ongoing issue about spam links or messages. This is a reported issue and our developers are currently working on the fix.
I do understand that you are not able to change the password, please know that this past couple of minutes we are having ongoing issue on changing of the password, just want to make sure, have you tried to use other device or browser?
Please be very cautious about messages you receive from Skype contacts (we suspect old Skype contacts, this one was one of the original Skype accounts).
The link that was sent allegedly from this old account was redirected multiple times, once via a .ru site (surprise), an analysis of the landing link is here.
ESET doesn’t like it, and we believe them.
Microsoft says that they will update: http://heartbeat.skype.com/ with details, although they have not done this yet.
NB: This does not appear to have any impact on Skype for Business at this time.
We will provide updates if we receive them.
Thanks to Drew Perry and Brett Milborrow.