Skype leaves Sensitive User Data Unencrypted Locally On Computers

  • 29 April 2014
  • 2 replies
  • 1199 views

Userlevel 7
Badge +52
An application should always encrypt users' sensitive data, either it is local or stored on company servers, but still many popular services failed to provide fully secured solutions to their users. Drago? Gaftoneanu, a Romanian programmer at Hackyard Security Group, a private community dedicated to IT security research approaches 'The Hacker News' editorial and claimed that the Microsoft owned most popular free voice calling service Skype leaves its local database unencrypted, that puts users' sensitive information at risk. Though the Skype database is supposed to be encrypted because it is sensitive enough, but Drago? found that Skype leaves users’ full name, birthday, phone numbers, country, city and even full chat conversations unencrypted on the systems’ hard drive in a known location without any encryption or password.  Skype is a free online service that allows users to communicate with peers by voice using a microphone, video by using a webcam, and instant messaging over the Internet. Due to its worldwide popularity it was acquired by Microsoft Corporation on May 2011 for US$8.5 billion. Full Article       

2 replies

Userlevel 7
Petr, thanks for the warning!
 
Regards,
 
Mike
Userlevel 7
Badge +56
I think most IM software stores their logs in plaintext.  Just like email - if you're expecting your conversation to be protected then you need to use a system that is secure by design, rather than convenient.

Reply