I received an email today from Skype that someone had changed the email address on an old Skype account of mine. Presumably this means that they were able to gain access to a password. There was no mechanism in the email to block the action. Next, I received an email that said "Someone started a process to replace all of the security info for the Microsoft account." Again, there was no way to block this action.<p>Both emails encouraged me to contact customer support. I did so only to be met with a request to fill out an online form with an incredible amount of personal information to verify the account. Why would I provide 10X the personal info that might then be made accessible to a user whose email address was swapped into the account with no verification at all?<p>Does anyone have any advice on how to resolve or escalate to Microsoft? Ideally the original email address on the account would be restored and more broadly, Live / Skype should update their security procedures to avoid this type of "easy to steal accounts" security policy while hard to block the stealing of accounts.<p>Any help / suggestions appreciated.
Skype security has been flawed ever since that series of odd buyout events that led to the sudden removal of end-to-end encrypted peer to peer operation.<p>First eBay bought what they thought was Skype but instead was only the license to the branding and users and not the p2p backend tech the swiss guys still owned. Then Microsoft stepped in out of nowhere to take the useless brand from eBay and the actual backend only to promptly throw away the entire backend and move to a centralized unencrypted model.
> Both emails encouraged me to contact customer support. I did so only to be met with a request to fill out an online form with an incredible amount of personal information to verify the account. Why would I provide 10X the personal info (...)?<p>This by itself looks like a phishing attack. Did you click a link to Skype support in the second email message or find it by yourself going to the Skype website and browsing around?
Somewhat related, I ran (and am still running) into a very uncanny issue related to another product of Microsoft: Live / Outlook.<p>When Live and Outlook got merged (IIRC a couple of years ago), my @msn.com address got an @outlook.com alias.<p>Unfortunately, this "alias" shouldn't have been one and the email was actually owned by someone else.<p>By some sort of failed merging, I hence ended up getting access to someone else' emails: PayPal related emails, Dropbox access connected to this email account, private email exchanges, etc...<p>I tried to reach out to Microsoft but hit (expectedly) a wall.
Anyone using [insert service here] should be using MFA of some sort. This would solve so many of these problems. It does sound like OP is being hit by a phishing attack, but assuming it's not that, this can only be a lesson for everyone to turn on MFA now if you haven't already. Yes, MS' consumer platform (live, hotmail, outlook, etc) supports it.
Try to contact all your contacts and tell them that your Skype account have been hacked. Also don't give away any personal details unless you are 100% sure you are dealing with the official support.
Your account will likely be used to scam your friends and family. If you have your voice online somewhere they can fake it, or just use the chat to impersonate you. Your personal details and chat history will make it very convincing.<p>Hi, this is Samnwa, your brother, we talking yesterday about xyz, how is that going? btw, could you help me login to my bank, can't find my key card, can I use yours? Cool, alright, Just enter this number... Ooops I entered it wrong, lets try this number...
I experienced the same problem with a very old Skype account. There's no way to reset my password because it says my Microsoft account doesn't exist. My guess is they botched the account migrations from Skype to MSFT in a way that means we cannot prevent account takeovers not access the Skype account. I received an email saying my account was being taken over and given no way to disavow or prevent it. I'm very frustrated with MSFT security. I'm not even sure how one can report such a big.