Skype disables password reset after security flaw exposed

The flaw allowed anyone who knew your email address to gain control of your Skype account

Daniel Ionescu (PC World (US online))
14 November, 2012 20:31
Comments

Microsoft has disabled the option for users to reset their Skype passwords after security experts uncovered a serious flaw in the software that allowed anyone who knows your email address to hack your Skype account.

The vulnerability allowed people to sign up to Skype with email addresses already in use by others and then force password resets for accounts associated with that address in order to gain access to your account. Basically, anyone who knew your email address could sign up for a new Skype account with it and then reset the password for your current account, thus hacking in.

The exploit first appeared on several Russian forums, and has been actively exploited since, Costin Raiu, a senior security researcher at Kaspersky Lab, said in a blog post. To protect against this vulnerability, Raiu advises that users change the email address associated with their Skype account to a new, never-before-used address.

Rik Ferguson, director of security research & communication at Trend Micro, explainedhow easy it was to hack into someone's Skype account: "In essence the procedure is so simple it could be carried out by even the most inexperienced of computer users. [...]This would lock the victim out of their Skype account and allow the hacker to receive and respond to all messages destined for that victim until further notice. I tested the vulnerability and the entire process took only a matter of minutes."

Skype also said in a statement that it is aware of the new security vulnerability issue. "As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority," the statement said.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: Kaspersky, Kaspersky Lab, Microsoft, Skype, Trend Micro

Comments are now closed.

Share
Share this article1
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Indian travellers to African and American nations are having a tough time ..."

Attack on Telenor was part of large cyberespionage operation with Indian origins: report
""Box acquired the Folders intellectual property from its developer Martin Destagnol..." I ..."

Box buys iOS app to improve its own
"The Android based suppliers need to be forced to update the versions ..."

Growing mobile malware threat swirls (mostly) around Android
"Yet another invite to copy.com with 20GB for free https://copy.com?r=klzP2t"

Barracuda Networks raises free capacity of Copy.com to 15GB
"The best use of video conferencing I have seen, bringing world peace ..."

Coke gives peace a chance ( +16 photos)

Tags: hackers, skype, Microsoft, trend micro, security, passwords, Web & communication software, kaspersky lab

ARN Directory | Distributors relevant to this article

Anyware Corporation , ASI Solutions , Avnet Technology Solutions , Bluechip Infotech , Com1 International , Compucon Computers , Dicker Data , Express Data , Express Online , Hemisphere Technologies , ICT Distribution , Impact Systems Technology , Ingram Micro Australia , Leader Computers , Multimedia Technology , NewLease , Open Channel Solutions , Scholastic , Synnex Australia , Topstar Computer International , WhiteGold Solutions , Wholesale IT , XiT Distribution

ARN Directory | Vendors relevant to this article

Kaspersky Lab , Trend Micro

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Featured Resources

MSP Guides for effective Endpoint Management Solutions

COPY: In a world accustomed to multiple, fragmented technologies and point solutions, MSPs need a unified approach that supports endpoint management across heterogeneous devices and operating systems. This buyers’ guide outlines features and capabilities that comprise an effective endpoint management solution to help enhance visibility and control for hundreds of thousands of distributed endpoints.

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

Transition Systems Australia

NEW. WAN Optimisation Available.

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Latest Jobs