Skype Accused Of Handing Out Private Info To Private Company
from the massive-fail dept
The security firm, iSIGHT, was hired by PayPal to investigate the attacks, and an employee of the company reached out to Skype seeking information about one user who he thought might be involved. And Skype coughed up the info -- including username, real name, email address and home address -- no questions asked. As the article notes, there was no court order or anything like that. Just a guy from a private company asking and Skype said, "sure, here's all the info."
There are questions about whether this move violated some European privacy directives. At the very least it seems clear that it violated Skype's own policies, which include not providing customer data unless required by law, or if official law enforcement is involved. In this case, neither thing is true. One hopes that this is just a one-off mistake by Skype, but it's worrying nonetheless.