Developing

Skype suspends password resets after security hole discovered

Earlier today, a security flaw was discovered in Skype that could allow hackers to access your account using only your username and email address. They could then reset your password and change it to anything they wanted.

First posted on a Russian forum, the hack was tried and verified by The Next Web, who alerted Microsoft (Skype's owner) of the problem. We won't go into the details of the hack itself, needless to say that, once performed a password reset token can be sent to the app itself rather than the email address of the account owner, therefore allowing an unauthorised party to change it to something they know and you don't, locking you out of the account in the process.

One step to stop this happening is to change the email address you have associated with your Skype account. However, Skype itself has now acknowledged the problem and has suspended the whole password reset process while it investigates.

"We have had reports of a new security vulnerability issue," it says in a statement. "As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority.

Pocket-lint will bring you more information as it becomes available to us.




© copyright Pocket-lint 2012