Skype Ignores e-Bay Vulnerability In Client Software

[Ehtyar]

Skype refuses to acknowledge a vulnerability in their client software that can allow an attack to hijack the victims e-Bay account.

One day last month, when Klaus Zimmerman tried to log into his Skype account, he got an error message indicating his username and password didn't match. Concerned something was awry, Zimmerman, a computer repairman living in Wexford County, Ireland, phoned his brother and asked him to check his online status.

"I saw you on earlier, but your picture was gone," the brother reported. "You're now listed as living in Germany." On top of that, the person logged in was no longer answering the brother's queries.

Full Story

Ehtyar.

[Deozaan]

I don't understand how someone hijacking a Skype account will suddenly have access to eBay and PayPal accounts.

[Ehtyar]

As eBay owns Skype, they allow you to use single-signon with Skype to access your eBay account. Thus if an attacker manages to steal your Skype identity, he effectively has control of your eBay ID aswell.

Ehtyar.

[Deozaan]

Thanks for that clarification. I've never used Skype so I didn't know.

[Ehtyar]

I've never used the feature myself, and it took quite some research to confirm this theory.

Ehtyar.