Skype Responds To Security Breach — But Is It Enough?

Skype’s president is responding to reports of a security breach in a Chinese-based surveillance system tied to the service. The flaw, reported Thursday (PDF), was discovered within the Tom-Skype software used throughout China. A public interest group found that private messages were not only being collected, but also were being stored on a public server with subpar security — meaning anyone could access the data and the users’ personal information without much work.

Skype President Josh Silverman points out that all communications companies in China are required to abide by government regulations, which “include the requirement to monitor and block instant messages containing certain words deemed ‘offensive’ by the Chinese authorities.” He also says, however, that Skype had been under the impression that Tom was only deleting messages found to be “offensive,” and not storing them.

“We are now inquiring with Tom to find out why the protocol changed,” he says.

As far as the security breach itself, Silverman confirms that Skype addressed the issue with Tom immediately after learning of it, and that the breach has been fixed. He also notes that only instant messaging conversations were affected, not standard Skype voice-based communications.

“Skype-to-Skype communications are, and always have been, completely secure and private,” he promises.

The promise isn’t reassuring enough to many in China, with some even worrying that those whose conversations were captured could have been imprisoned or “had their lives ruined in various ways” because of the issues.

“This is a big blow to Skype’s credibility, despite the fact that Skype executives are downplaying it as not such a big deal,” Hong Kong University Internet expert Rebecca MacKinnon tells Reuters.