Skype for Android user have been left open to an attack which could expose all sorts of personal information.
Android developer Justin Case discovered that a leaked version of Skype Video could easily be exploited to discover privately-stored information including name, date of birth, postal address, telephone numbers and email addresses.
As if using a specially-crafted rogue app which uncovered the data without the need of root or any other special permission on an unreleased version of the app was not bad enough, Case discovered that the exploit also worked on the official release which has been available since October 2010. Case reckons as many as 10 million users could be vulnerable.
"Inside the Skype data directory is a folder with the same name as your Skype user name," writes Case, "and it’s here where Skype stores your contacts, your profile, your instant message logs, and more in a number of sqlite3 databases.
"Skype mistakenly left these files with improper permissions, allowing anyone or any app to read them. Not only are they accessible, but completely unencrypted."
Skype has said it is 'investigating the issue'.