Last month, Google removed 21 apps from the Android Market after the blog Android Police alerted the company that the apps contained malware and were being used to collect user data. After removing the apps from the store, Google also invoked a kill switch to remove them from the phones of users who had the misfortune of downloading the junk.
Skype says it only recently became aware that personal information from its users -- including items like cached profile information and instant messages -- could have been accessed from these malicious apps. Android Police uncovered the vulnerability earlier this week.
To be clear, this only impacts Skype for Android users who installed malware from the Android Market or from various third-party app stores. Even then, it isn't certain that this information was accessed. Still, any users who downloaded those apps should change their password, and check their Skype instant messages for sensitive information that could be used to access other accounts.
Skype says it is working to protect users from this vulnerability in the future. It will secure file permissions in Skype for Android so that data isn't accessible from apps that gain root access.