Ask HN: Skype account hacked and my contacts were asked for money via WebMoney
3 points by usaphp on Feb 4, 2014 | 8 comments
Woke up today to realize that my Skype contacts received friendly messages from me while I was sleeping, asking them to lend me money via WebMoney. My password for Skype was not changed; I was still in control of the Skype account. I changed the password right away. Some of my friends sent money to the hacker.

Do you have any idea how he could do that without changing my password (my password was a combination of letters and numbers)? And are there any steps I can take to trace him now?




1. What was your password? If it's been changed, was completely random, and never used anywhere else, you should have no problem posting it here.

2. There's an Adobe Flash zero-day out there: http://www.macrumors.com/2014/02/04/adobe-flash-update/


1. Password was only used for Skype; it was "blocks12", set around 5 or 6 years ago only for Skype. I have moved to password management apps lately, and all my current passwords are 20+ character generated strings, and if two-step authentication is available I always choose it. However, I completely forgot about Skype since I opened it so many years ago.

2. I have it already installed.

Should I reinstall OS X, or is it just a Skype hack?

[edit] When I went to download the Adobe update, it turns out I already have it installed...


Ya, hard to say. If it really isn't related to your username or identity somehow, it would be hard to think that someone would brute force you specifically. Not that it's a very strong password.

https://code.google.com/p/skype-bruteforcer/

Looks like a 60-second timeout between attempts.


But if the 60-second timeout is IP-specific, he could have worked around it by using a botnet?


> Password was only used for skype, it was "blocks12" ...

Okay, now I understand. With all respect, you need to learn how to choose a password.

http://www.passwordmeter.com/

Score: 34%, weak.


> Do you have any idea how could he do that without changing my password ...

Of course -- he logged on as you. How could Skype (or your friends) distinguish him from you, if both he and you use the same username and password? In fact, for his purposes, not changing your password was to his benefit, because it helps him cover his tracks.

> ... my password was a combination of letters and numbers

If your password was robust, then I recommend that you scan your system for a keylogger. Also don't use the same password in more than one place.


I wonder if Skype has a way to see IP addresses of all login attempts.

Do you know any good keylogger scanner for Mac?


> I wonder if Skype has a way to see IP addresses of all login attempts.

That's not the operative question. The operative question is whether they would be willing to share their activity log with you.

> Do you know any good keylogger scanner for Mac?

Not being a Mac user, I can't say what's good, but start here:

https://www.google.com/search?q=macintosh+malware+scanner



