Over the weekend, I received several notifications from friends saying they had gotten a suspicious link from me via Skype message. When I checked, it appeared that all of my Skype contacts got a link from me via Skype message that seemed to point to a baidu page. Ugh. How could this happen? I’m diligent about my password management! (If I sent you something, sorry!)
I do everything that Internet security pros say to do. I use capital letters and symbols. I use different passwords at each site I register at. I recently went through and changed all my passwords. I hadn’t logged into Skype recently so I didn’t think somebody had sniffed my keystrokes. What the heck?
In doing research on the issue on various forums like Skype Community and Jukka-Pekka Keisala, I discovered that the Baidu Hack is very common and had been an ongoing problem on Skype for months, affecting many thousands of people.
It was interesting to see that as I went through my contacts and sent people a message telling them to ignore my Skype message, I saw that quite a few of them had sent me something similar in the previous months too, indicating this problem is very widespread. So I decided to write about it here because you could be next.
The good news is the problem wasn’t malware. In other words, there wasn’t any sort of software that was dropped onto my computer. If you click the link, it takes you to a commercial message.
Do not treat Skype as a utility!
Before this weekend, I used to log into Skype automatically on my computer. I was complacent about Skype, thinking of it as a utility like power and water, so even when I reset all my nearly 100 passwords, I forgot about Skype because it was automatic via the app. Lesson learned! You need to change your Skype password!
The forums suggest the problem is related to people like me who joined Skype early, well before Microsoft acquired Skype in 2011. The pattern is we used the same login ID and password with other accounts way back then – I joined Skype November 2, 2005 – and never changed the Skype password.
People like me failing to change our passwords meant that bad actors got a compromised password from somewhere else (hello Yahoo – I’m looking at you) and managed to get into Skype, because until this weekend I was using my original Skype ID and PW, which were the same as other accounts a decade ago.
I’m not a security expert so I won’t offer specific advice here. JP has a good suggestion relating to linking Skype to your Microsoft account.