Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Skype Vulnerability, Now Blocked, Allowed Account HijackSkype Vulnerability, Now Blocked, Allowed Account Hijack
A security vulnerability in Skype, in use for 2 months, allowed an attacker to hijack a Skype account if they knew the email address of the user. Skype has temporarily disabled the feature which allowed the attack.
1 Min Read
Security blogs everywhere are reporting on a Skype vulnerability which allowed easy hijacking of an account if the attacker knew the email address of a user.
Skype temporarily disabled password resetting this morning, the feature which allowed the hijack. We advise you to log in to your account to make sure it has not been hijacked and to check your history.
Image courtesy of Kaspersky
The problem was first publicized last night on Russian web forums. Skype now claims to have fixed the password reset so that it cannot be abused in this way.
Skype issued a statement on the issue:
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.
About the Author
Follow Larry Seltzer and BYTE on Twitter, Facebook, LinkedIn, and Google+:
You May Also Like
More Insights
