Skype Hack: 'Well-Publicized Graffiti'Breach Offers Reminder to Strengthen Credential Management
The hacking of Skype's Twitter account, Facebook site and blog serves as a reminder that organizations must diligently protect their credentials, a cybersecurity expert says.
But the hacks themselves aren't serious; they're more like online graffiti, says Allan Friedman, visiting scholar at George Washington University's Cybersecurity Policy Research Institute.
The collective known as the Syrian Electronic Army claims to have breached the Twitter account of Microsoft-owned Skype - voice-over-IP service and instant messaging client - as well as its blog and Facebook page, on New Year's Day. One tweet left by the hackers: "Stop spying on people! via Syrian Electronic Army." Another posting said, "Don't use Microsoft emails (hotmail, outlook). They are monitoring your accounts and selling the data to the governments." The hackers also posted contact details for Microsoft's retiring chief executive Steve Ballmer.
Skype posted a tweet acknowledging the hack on its Twitter feed: "You may have noticed our social media properties targeted today. No user info was compromised. We're sorry for the inconvenience." Microsoft issued a statement echoing the tweet: "We recently became aware of a targeted cyber-attack that led to access to Skype's social media properties, but these credentials were quickly reset. No user information was compromised."
Revisit Credential Management
Friedman characterizes the hack as "very well-publicized graffiti. It's not to downplay its significance. If organizations that have the assumed operational confidence of Microsoft and the Skype team allow their credentials to be stolen somehow, that serves as a good warning for the rest of us to revisit our own credential management system."
In August, a Twitter posting claiming to be from the Syrian Electronic Army took credit for the hacking of the websites of The New York Times, Twitter and the Huffington Post UK (see Times, Twitter Attacks Raise New Alarms).
In October, the Syrian Electronic Army claimed it hacked the Twitter and Facebook accounts of President Obama (see Hackers Target Obama's Tweets).
The hackers appear to support Syrian President Bashar al-Assad and target political and media sites its members feel are biased against the Syrian government.