The ten million users of Skype for Android are vulnerable to a hack that reveals a huge amount of personal data, Android Police reports.
The site uncovered a way a hacker might use a rogue app to access personal information stored by Skype--including full name, phone number, email address and contact list. Basically, the app has an SQLite3 database where information is stored, but the files are unencrypted without enforced permissions, letting an app find them. Android Police created an app called Skypwned to demonstrate the extent of the problem.
Android Police explains, "I quickly came up with an exploit, and I was in shock at just how much information I could harvest. Everything was available to the rogue app I created, without the need for root or any special permissions."
Skype is investigating the issue.
Watch a video explaining the vulnerability below: