Menu
Skype disables password reset after security flaw exposed

Skype disables password reset after security flaw exposed

The flaw allowed anyone who knew your email address to gain control of your Skype account

Microsoft has disabled the option for users to reset their Skype passwords after security experts uncovered a serious flaw in the software that allowed anyone who knows your email address to hack your Skype account.

The vulnerability allowed people to sign up to Skype with email addresses already in use by others and then force password resets for accounts associated with that address in order to gain access to your account. Basically, anyone who knew your email address could sign up for a new Skype account with it and then reset the password for your current account, thus hacking in.

The exploit first appeared on several Russian forums, and has been actively exploited since, Costin Raiu, a senior security researcher at Kaspersky Lab, said in a blog post. To protect against this vulnerability, Raiu advises that users change the email address associated with their Skype account to a new, never-before-used address.

Rik Ferguson, director of security research & communication at Trend Micro, explainedhow easy it was to hack into someone's Skype account: "In essence the procedure is so simple it could be carried out by even the most inexperienced of computer users. [...]This would lock the victim out of their Skype account and allow the hacker to receive and respond to all messages destined for that victim until further notice. I tested the vulnerability and the entire process took only a matter of minutes."

Skype also said in a statement that it is aware of the new security vulnerability issue. "As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority," the statement said.

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Tags hackersskypeMicrosofttrend microsecuritypasswordsWeb & communication softwarekaspersky lab

Upcoming

Slideshows

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)

VMware has kicked off VMworld 2015 in San Francisco and the first day saw keynotes from its president and CEO, Carl Eschenbach; executive vice-president and general manager, Bill Fathers; and executive vice-president and general manager of SDDC, Raghu Raghuram; amongst others. VMware also made Cloud-related announcements and demonstrated its latest technology.

IN PICTURES: VMware's VMworld 2015 day 1 (+13 photos)
IN PICTURES: 2015 Microsoft Australia Partner Awards (+21 photos)

IN PICTURES: 2015 Microsoft Australia Partner Awards (+21 photos)

The achievements of Microsoft’s Australian partners over the past year have been recognised through a number of prestigious awards announced at the 2015 Microsoft Australia Partner Conference (APC) on the Gold Coast. The Microsoft Australia Partner Awards showcased partners delivering innovative solutions and services to customers, with many embracing Microsoft’s Cloud solutions. Awards were presented in 17 categories. The winners were chosen from more than 170 nominations. With more than 11,000 partners in Australia it was a competitive field. Photos by ARN Editor, ALLAN SWANN.

IN PICTURES: 2015 Microsoft Australia Partner Awards (+21 photos)

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments