Hackers highlight major Skype security hole

Hackers highlight major Skype security hole
Skype - not as secure as we thought

Skype disabled its password recovery function after Russian hackers exposed a major flaw in the service's security.

Update: We've been in touch with Skype to find out more. The company told us, "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website.

"This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."

Skype has said it is now getting in touch with users who have been affected by today's security issues so if you don't hear from the company, you should be safe.

Original story continues:

It was discovered that hackers were able to access Skype users' accounts armed with just their username and the email address linked to the account.

The Microsoft-owned VoIP service was forced to issue a statement acknowledging the hole, saying, "We have had reports of a new security vulnerability issue."

Vulnerability issue

"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority"

Although hackers would need to know your Skype username and email address to access your account, those concerned are advised to change the email address their account is registered to.

It hasn't been a particularly good week for Microsoft on the security front: yesterday it was reported that a 16-year-old had managed to create a prototype Trojan for Windows Phone 8.

via The Verge

TOPICS