Skype to fix misdirected IM flaw

Private messages leak and are incorrectly presented as if they came from the recipient.
  • Liam Tung (CSO Online (Australia))
  • — 18 July, 2012 09:38

Skype is working on a fix for a bug that routes messages intended for one contact to other unintended recipients.

Skype confirmed the flaw on Monday, telling Engadget that “we are aware that in rare circumstances IM’s between two contacts could be sent to an unintended third contact.”

The flaw does not appear to be widespread, with only a small number of users reporting the misdirected message problem on Skype’s community board since last Tuesday.

However, the bug has caused confusion for those affected because messages received by an initial sender are being forwarded to a third recipient but presented as if they were sent by the first recipient.

One user who claimed to be affected described it as “slightly awkward” while another, who pointed out private messages are being shuttled between people who have no relationship, said it was a “disturbing” breach of privacy.

“... I was the recipient of two lines of chat which were exchanged between my contact and one of his contacts. I am not connected to my friend's contact,” that user wrote.

A Skype community manager said the company was investigating the reports last Friday. Today Skype said it would deploy a fix in the next few days and would notify users to download an updated version.
