Thursday, April 22, 2021

Skype Disables Password Resets to Fix Security Vulnerability

Microsoft has temporarily disabled password resets for Skype in order to prevent users’ accounts from being hijacked. Several months ago, Russian hackers warned the service that anyone could take over another user’s account if they knew their email address.

CNET’s Lance Whitney reported, “Skype has resolved a nasty e-mail and password security bug and reinstated its password reset page. Revealed by Skype earlier today, the vulnerability allowed someone to create a Skype account using the same e-mail address as that of the intended victim. That person was then able to reset the password for all accounts associated with that address, thereby locking out the account owner from Skype.”

The Next Web’s Emil Protalinski explained, “A new security hole has been discovered in Microsoft’s Skype that allows anyone to change your password and thus take over your account. The issue was first posted on a Russian forum two months ago and has been confirmed by The Next Web (we have not linked to any of the blogs or posts detailing the exploit because it is very easy to reproduce)…. To exploit this flaw, all you need to know is your victim’s email address tied to their Skype account. To protect yourself, you would have to change your email address to one that nobody knows or could easily guess, but most likely Microsoft will get around to fixing the problem before that becomes necessary.”

CNN’s Brandon Griggs noted, “The issue was posted on a Russian forum two months ago, but did not become widely known until it gained traction recently on Reddit and was confirmed by The Next Web, a tech-news blog.”

TGDaily posted Skype’s statement on the issue, which said, “We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.”

Similar articles

Latest Articles

Top Cloud Service Providers...

Surveying the top cloud computing companies in 2021 goes way beyond AWS vs. Azure vs. Google. While those three are inarguable cloud leaders, the...

IT Planning During a...

Without a doubt, 2020 changed everything. I like to compare it to a science fiction movie where time travel is involved. Clearly, we have...

Best Data Quality Tools...

Data quality is a critical issue in today’s data centers. The complexity of the Cloud continues to grow, leading to an increasing need for...

NVIDIA’s New Grace ARM/GPU...

This week is NVIDIA’s GTC, or GPU Technology Conference, and they likely should have changed the name to ATC because this year – it...