Microsoft has temporarily disabled password resets for Skype in order to prevent users’ accounts from being hijacked. Several months ago, Russian hackers warned the service that anyone could take over another user’s account if they knew their email address.
CNET’s Lance Whitney reported, “Skype has resolved a nasty e-mail and password security bug and reinstated its password reset page. Revealed by Skype earlier today, the vulnerability allowed someone to create a Skype account using the same e-mail address as that of the intended victim. That person was then able to reset the password for all accounts associated with that address, thereby locking out the account owner from Skype.”
The Next Web’s Emil Protalinski explained, “A new security hole has been discovered in Microsoft’s Skype that allows anyone to change your password and thus take over your account. The issue was first posted on a Russian forum two months ago and has been confirmed by The Next Web (we have not linked to any of the blogs or posts detailing the exploit because it is very easy to reproduce)…. To exploit this flaw, all you need to know is your victim’s email address tied to their Skype account. To protect yourself, you would have to change your email address to one that nobody knows or could easily guess, but most likely Microsoft will get around to fixing the problem before that becomes necessary.”
CNN’s Brandon Griggs noted, “The issue was posted on a Russian forum two months ago, but did not become widely known until it gained traction recently on Reddit and was confirmed by The Next Web, a tech-news blog.”
TGDaily posted Skype’s statement on the issue, which said, “We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.”