- SMB Spotlight
The Syrian Electronic Army (SEA) has hacked into Skype's blog and Twitter account, which resulted in messages slamming parent company Microsoft's privacy practices and criticising spying.
Skype has reassured users that none of their data was compromised during the attack on its Twitter account and official blog.
Hacktivist group the SEA has claimed responsibility for the messages posted on the Twitter account, which has more than three million followers. One tweet said: "Don't use Microsoft emails (hotmail,outlook). They are monitoring your accounts and selling the data to the governments."
Posts were also made on Skype's blog, which runs on WordPress, under the byline of Skype's content marketing manager Shana Pearlman. Skype's blog is entirely inaccessible at the time of writing, having previously displayed blog posts containing the same text as seen in the rogue tweets. "Hacked by the Syrian Electronic Army.. Stop Spying!", another post said.
Skype's Twitter account later posted this message after deleting the offending tweets:
You may have noticed our social media properties were targeted today. No user info was compromised. We're sorry for the inconvenience.— Skype (@Skype) January 2, 2014
Before Christmas, the New York Times reported that both its staff and journalists from other news outlets including CNN had been sent phishing links attempting to trick users into entering username and password details into an online form, action it attributed to the SEA following an FBI notice warning media organisations of the group's intentions.
The SEA has a track record of such actions, infamously gaining access to the Associated Press' Twitter feed and subsequently sending tweets reporting explosions at the White House. High profile hacks have also seen Twitter feeds at The Washington Post, The Telegraph and the Financial Times compromised, leading to a call for Twitter to allow users to enable two-factor authentication, effectively rendering passwords useless without access to a one-time use code sent to either a phone or an email address.
Sophos security advisor Chester Wisniewski speculated in a blog post that Skype's woes could have been avoided by enabling the security feature.
"Microsoft, would you care to explain why you apparently are not using it?" he said. "I suppose this can be a lesson to the rest of us. Take advantage of the safety net of two-factor authentication whenever possible. While it may be less than perfect, so are you."
Such a basic method of gaining access to such a high profile company's online presence is another warning shot to businesses which take advantage of external social media platforms, with simple human error and naivety often a simple method of compromising otherwise strict security practices.