Wednesday, July 28, 2021

Skype Disables Password Resets to Fix Security Vulnerability

Microsoft has temporarily disabled password resets for Skype in order to prevent users’ accounts from being hijacked. Several months ago, Russian hackers warned the service that anyone could take over another user’s account if they knew their email address.

CNET’s Lance Whitney reported, “Skype has resolved a nasty e-mail and password security bug and reinstated its password reset page. Revealed by Skype earlier today, the vulnerability allowed someone to create a Skype account using the same e-mail address as that of the intended victim. That person was then able to reset the password for all accounts associated with that address, thereby locking out the account owner from Skype.”

The Next Web’s Emil Protalinski explained, “A new security hole has been discovered in Microsoft’s Skype that allows anyone to change your password and thus take over your account. The issue was first posted on a Russian forum two months ago and has been confirmed by The Next Web (we have not linked to any of the blogs or posts detailing the exploit because it is very easy to reproduce)…. To exploit this flaw, all you need to know is your victim’s email address tied to their Skype account. To protect yourself, you would have to change your email address to one that nobody knows or could easily guess, but most likely Microsoft will get around to fixing the problem before that becomes necessary.”

CNN’s Brandon Griggs noted, “The issue was posted on a Russian forum two months ago, but did not become widely known until it gained traction recently on Reddit and was confirmed by The Next Web, a tech-news blog.”

TGDaily posted Skype’s statement on the issue, which said, “We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.”

Similar articles

Latest Articles

Data Science Market Trends...

When famed mathematician John W. Tukey postulated that advanced computing would have a profound effect on data analysis, he probably didn’t imagine the full...

Data Recovery Market Trends...

Data recovery is more important than ever in this era of constant cyber attacks and ransomware. The Verizon Data Breach Investigations Report (DBIR) looked...

Trends in Data Visualization

In a world of big data, visualization is becoming a key skill set that every business must master.  Digital technology has transformed the way businesses...

Microsoft Data Portfolio Review

With a host of analytics services for almost any situation, Microsoft Azure’s data services have got just about every base covered.   In the world...