(Image Source: The Next Web)

BY JOHN O’CONNOR

ANCHOR MEGAN MURPHY

Video chat service Skype has suspended its password reset page over a serious security flaw. The company discovered the function could be used to hijack Skype users’ accounts. CNET explains the concern.

“A person merely has to create a new Skype account using the same e-mail address as the intended victim. That person can then reset the password for all accounts associated with that e-mail address, thereby locking out the original account owner from Skype.” 

The BBC says the vulnerability was originally revealed on a Russian blog three months ago. It was only addressed by Skype management after the details appeared on sharing site, Reddit. Potential consequences over this flaw are huge.

“The issue could have exposed answerphone messages, old text message conversations and user details including date of birth … Skype blanks all but the last four digits of stored credit card accounts preventing the hackers from being able to steal cash, however they could have used up spare credit.” 

Tech News provider The Next Web took the problem straight to Skype and Microsoft, which then issued this statement …

"We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority" 

The Next Web still recommends changing your Skype account email to something else besides your primary email address, and removing all sensitive personal information. 

Skype Fixes Security Flaw

by John O'Connor
0
Transcript
Nov 14, 2012

Skype Fixes Security Flaw

 

(Image Source: The Next Web)

BY JOHN O’CONNOR

ANCHOR MEGAN MURPHY

Video chat service Skype has suspended its password reset page over a serious security flaw. The company discovered the function could be used to hijack Skype users’ accounts. CNET explains the concern.

“A person merely has to create a new Skype account using the same e-mail address as the intended victim. That person can then reset the password for all accounts associated with that e-mail address, thereby locking out the original account owner from Skype.” 

The BBC says the vulnerability was originally revealed on a Russian blog three months ago. It was only addressed by Skype management after the details appeared on sharing site, Reddit. Potential consequences over this flaw are huge.

“The issue could have exposed answerphone messages, old text message conversations and user details including date of birth … Skype blanks all but the last four digits of stored credit card accounts preventing the hackers from being able to steal cash, however they could have used up spare credit.” 

Tech News provider The Next Web took the problem straight to Skype and Microsoft, which then issued this statement …

"We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority" 

The Next Web still recommends changing your Skype account email to something else besides your primary email address, and removing all sensitive personal information. 

View More
Comments
Newsy
www2