This blog is not hosted by the Skype but on WordPress VIP. This means that, most likely, the blog was not broken into using a software exploit of any sort since the security on VIP blogs is professional. Knowing that this is the Syrian Army, this attack was most likely done using phished credentials.<p>If they had any sort of system access they would have defaced the entire subdomain or the main site. So most likely, this is nothing to worry about. Your account data most likely still in safe hands.
Here is the screenshot of the blog hacked. <a href="http://imgur.com/RGeTFWV" rel="nofollow">http://imgur.com/RGeTFWV</a><p>So it looks like Skype doesn't host on its own server. It looks like this is wordpress.com but with custom domain?<p>curl <a href="http://blogs.skype.com" rel="nofollow">http://blogs.skype.com</a> -v<p>< X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.<p><i></i>EDIT<i></i> Okay it is<p>New to wpscan. When it says plugins found are these the vulnerable plugins wordpress.com running?<p><a href="https://gist.github.com/yeukhon/8211580" rel="nofollow">https://gist.github.com/yeukhon/8211580</a><p>And I found the username 7 pretty interesting.... wonder if I am actually doing the ethical thing here :(
Snapshot archive (if they fix the page): <a href="http://mraka.eu/snapshot/v/blogs.skype.com" rel="nofollow">http://mraka.eu/snapshot/v/blogs.skype.com</a><p>Direct link to the snapshot of the hacked site: <a href="http://mraka.eu/snapshot/img/2014/01/01/e0d8888c73483275afea3ba8e007adaf.png" rel="nofollow">http://mraka.eu/snapshot/img/2014/01/01/e0d8888c73483275afea...</a><p>Snapshot archive of twitter account: <a href="http://mraka.eu/snapshot/v/twitter.com" rel="nofollow">http://mraka.eu/snapshot/v/twitter.com</a><p>Direct link to the first tweet snapshot: <a href="http://mraka.eu/snapshot/img/2014/01/01/1d6269aa8371ce67658770d5d703e2d9.png" rel="nofollow">http://mraka.eu/snapshot/img/2014/01/01/1d6269aa8371ce676587...</a><p>Direct link to the first retweet snapshot: <a href="http://mraka.eu/snapshot/img/2014/01/01/a0f4c0947281bb0fb19dce9a1a74b750.png" rel="nofollow">http://mraka.eu/snapshot/img/2014/01/01/a0f4c0947281bb0fb19d...</a>
The Twitter account has also been compromised at the same time: <a href="https://news.ycombinator.com/item?id=6996899" rel="nofollow">https://news.ycombinator.com/item?id=6996899</a>
There is also a second post from the same - apparently compromised - author: <a href="http://blogs.skype.com/2014/01/01/dont-use-microsoft-emails-hotmailoutlook-they-are-monitoring-your-accounts-and-selling-the-data-to-the-governments/" rel="nofollow">http://blogs.skype.com/2014/01/01/dont-use-microsoft-emails-...</a>
>> Hacked by Syrian Electronic Army.. Stop spying!<p>Seems a strange message to send to a country that spies on it's own citizens (and where apparently the citizens are unable to prevent their own government from doing it to them).
Here's a screenshot of the blog, in case it get's fixed:<p><a href="http://puu.sh/65TRe.png" rel="nofollow">http://puu.sh/65TRe.png</a>
Its Twitter account was also hacked and a message posted, but it appears to have been deleted.<p>Screenshot here: <a href="https://twitter.com/MikeElgan/status/418482819611230208" rel="nofollow">https://twitter.com/MikeElgan/status/418482819611230208</a>
Gotta wonder what's running through non-techie Skypers when they see the tweets (<a href="https://twitter.com/Skype/status/418495453471068161" rel="nofollow">https://twitter.com/Skype/status/418495453471068161</a>) and all :D
I'm not sure why the accent on "Stop using MS, it's spying on you!" is on MS. AFAIK <i></i>every<i></i> company is using your data and giving/selling it to the government.<p>How is MS more evil than anyone else?