Skype Accused Of Handing Out Private Info To Private Company

from the massive-fail dept

Over the last year or so, there's been concern about Skype's commitment to privacy following its acquisition by Microsoft. Now a situation in the Netherlands is serving to renew those fears. As highlighted by Slashdot, it appears that Skype handed over information on a 16-year-old user to a private information technology firm that was investigating some denial of service attacks against PayPal.

The security firm, iSIGHT, was hired by PayPal to investigate the attacks, and an employee of the company reached out to Skype seeking information about one user who he thought might be involved. And Skype coughed up the info -- including username, real name, email address and home address -- no questions asked. As the article notes, there was no court order or anything like that. Just a guy from a private company asking and Skype said, "sure, here's all the info."

There are questions about whether this move violated some European privacy directives. At the very least it seems clear that it violated Skype's own policies, which include not providing customer data unless required by law, or if official law enforcement is involved. In this case, neither thing is true. One hopes that this is just a one-off mistake by Skype, but it's worrying nonetheless.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Atkray (profile), Nov 6th, 2012 @ 3:19pm

    "There are questions about whether this move violated some European privacy directives."

    You have a talent for understatement. If Google got into all kinds of trouble for driving down the street and taking pictures, how can this be ok?

    Unfortunately, I expect the stereotypical 16 year old hacker/anonymous persona will be used to justify this.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Shmerl, Nov 6th, 2012 @ 4:21pm

    Skype was never trustworthy. Does anyone really trust it since it was acquired by Microsoft?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    F!, Nov 6th, 2012 @ 4:29pm

    screw microsoft skype

    Use Jitsi instead. Be sure to encrypt whenever possible (Jitsi supports encryption, Skype doesn't).

    Any 'hacker' worthy of the title wouldn't be tracable via some half-assed product like Skype. Not saying he deserves it, but wow what a rough way to learn that lesson.

    I hope Skype gets fined into oblivion for breaking both the law and their own stated policy. More likely they'll be held up as a paradigm of law & order.

    Example #9678970 why not to use/trust proprietary software.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Nov 6th, 2012 @ 6:16pm

    If you want your privacy protected, stay away from Skype. It's as simple as that. They are WAY too loose with people's data.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Coyne Tibbets, Nov 6th, 2012 @ 8:19pm

    Huh? Hasn't Skype told them yet that the other company is a "business partner"? I thought every "Universal Privacy Denial" statement had an exception for business partners.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    That Anonymous Coward (profile), Nov 6th, 2012 @ 8:43pm

    Because when a corporation has been wronged, special rules apply.

    Wasn't paypal saying the DDOS was merely an inconvenience that hadn't affected them deeply?
    So why is it this much later they are still hunting down 16 yr olds?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    JJJoseph, Nov 7th, 2012 @ 1:59pm

    Breaking the law?

    "I hope Skype gets fined into oblivion for breaking the law"

    And which law would that be?

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      F!, Nov 7th, 2012 @ 10:48pm

      Re: Breaking the law?

      Making the wild assumption you're replying to me, I must say after submitting that comment I realized some people may lack the ability to infer that what was meant was their violation of EU directives mentioned in TFA.
      Cheers

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Tex Arcana (profile), Nov 8th, 2012 @ 4:22pm

    Makes the case for NEVER using your real name and address in ANYTHING you do, especially with unscrupulous companies such as Microsoft, Skype, Google, Apple... etc., etc....

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This