If you have received a weird message on Skype with a link to Baidu or LinkedIn recently, you are not alone. In the past couple of weeks, many users have been surprised to see their accounts breached and being used to send spam.
Microsoft offers the ability to link a Skype and Microsoft Account together to make sign-in and security easier through two-factor authentication. If you already linked your Skype and Microsoft Account, Microsoft has kept your original Skype account password separate so that you can still use it to access the service with your Skype username. If that password is not secure or you used it elsewhere, hackers can use it to gain access to Skype, bypassing any two-factor authentication provided by Microsoft.
The ability to bypass Microsoft's two-factor authentication is a major dent in Skype's security, but there is a fix. If you have already linked a Microsoft Account to Skype, then you will need to 'update' your Skype account to ensure it is fully merged over at Microsoft's account page. Here are the steps:
Go to https://account.microsoft.com; if you are already signed in, sign out.
Enter your Skype name, not your Microsoft Account email address, and use your Skype password to sign in.
If you have linked your Microsoft Account previously, you will be prompted to sign in and merge the accounts to create a Skype alias.
Once the two accounts are properly merged, Microsoft creates a Skype alias to let you keep signing in with a Skype username. You can continue using this or disable it under the aliases preferences, to ensure nobody can try to sign in with your Skype username.
Either way, you will not be able to use your old Skype password anymore, and attackers will have to know the email address associated with your account.
If you have not yet linked Skype and Microsoft Accounts at all, then you should be safe to link and merge with the new process.