A simple Skype exploit can reveal IP addresses — remote and local — of any user.
A blog post by skype-open-source runs through the process of obtaining a user’s IP address. Essentially, all a person has to do is start the process of adding a contact with a specific user name. Instead of sending a contact confirmation, the person can click on the information card to obtain the IP address of that particular user.
The process only works if the other user is online. The only method of protecting against this is to log off of Skype when you’re not using it, or to use a virtual private network to hide the IP address, according to ghacks.
The IP address doesn’t give up a person’s name or other specific information, but it does provide information on the country, and in some cases city, of origin. Ghacks noted that an IP address can be used to obtain more information in the case of a lawsuit.
Skype said it is looking at the issue.
“We are investigating reports of a new tool that allegedly captures a Skype user’s last known IP address. This is an ongoing, industry-wide issue faced by all peer-to-peer software companies,” said a company representative. “We are committed to the safety and security of our customers and we are takings measures to help protect them.”
Updated at 1:23 p.m. PT: to include a response from Skype.