"We feel the implications are very severe," Ross told CSO. "For example, a high-school hacker, or anyone with basic programming and hacking skills, could track, for example, all the Congressmen in the United States, or the employees of a company. The attack can be used by blackmailers, stalkers, or journalists looking for a racy story about a politician."
Skype and Microsoft Corp. were informed of the researchers' findings and The New York Times reports that Skype is aware of the issue.
"We value the privacy of our users and are committed to making our products as secure as possible," Adrian Asher, Skype's chief information security officer, said in a statement. "Just as with typical Internet communications software, Skype users who are connected may be able to determine each other's IP address. Through research and development, we will continue to make advances in this area and improvements to our software."
Ross said until the issue has been addressed, he recommends that Skype account holders not leave their Skype application running and only have it on when in use. He also recommends screen names not be closely related to a person's actual name.