Microsoft has urged all Skype users to change their passwords, following user reports that spoof messages have been sent from their accounts without permission, reports The Register.
This advice comes on the back of users first highlighting the issue on Skype’s official online community forum three weeks ago, which has drawn attention to the possible security flaw.
The opening post in the discussion notes how one user received a link from a friend whom they “don’t normally” Skype with.
The communication was in the form of a shortened link, which once clicked directed the individual to a Russian domain. Appreciating that something was amiss, the “window was closed before the page was loaded”.
He then chased up the matter with the friend in question who informed him that no activity had been present from his account.
Other users have reported similar problems, with the link that they have received usually directing them to a Russian domain.
Responding to the thread, one of Skype’s community managers, named Claudius, said that its engineers are looking into the matter.
“Meanwhile we’d recommend everyone to change their account passwords for all your Skype related accounts,” he added. “Also [we advise] updating your Microsoft account password if you linked that to your Skype account.”
This can be done following directions on Skype’s official advice pages, however, in later posts on the discussion, Claudius has added further insight and advice.
He explains that the source could be malicious software that is sending out the instant messaging spam, which has yet to be “detected by malware bytes or antivirus”.
The community manager suggests checking third party app access to Skype Desktop API.
Presently it is unknown how widespread the problem is, but the fact that this specific online discussion now extends to 23 pages long, suggests a reasonable number of people have been impacted.