Skype is blocking password resets when a security hole was found out. Its users must have been adversely affected by such hole.
Hackers found a security hole in Skype which gives an outsider a chance to get into a user’s account. As a temporary precaution, Skype suspends its password reset. This issue was seen in a forum and was reiterated on Reddit. The security hole is found in the video-chat part which allows anyone to change an account’s password then do anything with the account.
Skype said that the users affected were “a small number”, and is now looking into the problem. According to Leonas Sendrauskas of Skype, there were notifications of concerns by users regarding the password rest security and most affected are those users with multiple accounts connected to the same email address.
Skype blocks reset of password for the meantime. As of today, it already has updated and properly working though.
Next Web staffers said they duplicated the attack per step and were able to have access to the accounts of their editor and writer (with the owners’ permission).
Sendrauskas added that the company is committed to giving its users a secure and safe communication experience and it is now reaching out to those who were affected by the suspension of the password reset. He apologized for the inconvenience.
Part of the flaw exploitation, the hackers got the email address associated with their Skype account, used that email address to register another account, used password reset, gain access to the user’s Skype account then blocked the original owner.
The hole may have also exposed users’ personal details such as birth dates as well as instant messages.