Skype suspends password resets after security hole discovered

Earlier today, a security flaw was discovered in Skype that could allow hackers to access your account using only your username and email address. They could then reset your password and change it to anything they wanted.

First posted on a Russian forum, the hack was tried and verified by The Next Web, which alerted Microsoft (Skype's owner) to the problem. We won't go into the details of the hack itself; suffice to say that, once performed, a password reset token can be sent to the app itself rather than to the email address of the account owner. That allows an unauthorised party to change the password to something they know and you don't, locking you out of the account in the process.

One step to stop this happening is to change the email address you have associated with your Skype account. However, Skype itself has now acknowledged the problem and has suspended the whole password reset process while it investigates.

"We have had reports of a new security vulnerability issue," it says in a statement. "As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."

Pocket-lint will bring you more information as it becomes available to us.

UPDATE: Skype has just contacted us to tell us it has now identified and fixed the security vulnerability.

"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website," it said in a new statement.

"This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly.

"We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologise for the inconvenience."


