Report: Skype disclosed user data to security firm
Apparently, the Skype instant messaging service passed on the personal data of a young Dutch user to private security company iSight Partners without a court order. According to a report by Dutch news site nu.nl, the Dutch national, who was 16 years old at the time, was believed to have taken part in the distributed denial-of-service (DDoS) attacks of Operation Payback. Reportedly, iSight Partners quickly forwarded the data to the Dutch authorities, who apprehended the then sixteen-year-old a few days after the attacks began.
The news report says that iSight Partners had been instructed by the PayPal online payment service to investigate the attacks. PayPal was also among the attacked companies. According to nu.nl, iSight senior director Joep Gommers became aware of the sixteen-year-old user via an instant messaging channel. Gommers reportedly contacted Skype, another of his firm's clients, and asked them for the suspect's account data. Apparently, he contacted the Dutch authorities at the same time, telling them them that he would soon be able to provide the user's identity. The report adds that Skype voluntarily disclosed the information to Gommers, who then passed it on to the authorities.
In an email to nu.nl, Gommers said that his company usually does not pass on information to law enforcement authorities out of its own volition, but that in this case he made an exception in the interest of the public. A Skype spokesperson noted that the instant messaging service does not disclose user data without a court order. How the user's personal information could fall into the hands of another company is currently being investigated, he added.
Operation Payback involved numerous coordinated DDoS attacks that were organised by internet activists and WikiLeaks supporters between late 2010 and early 2011. The attacks mainly targeted companies such as MasterCard and Visa, who had put on hold any business dealings with whistleblower platforms such as WikiLeaks.