A flaw in Skype’s password recovery tool enables attackers to hack accounts by using the email address of the victim. Just by following a six-step tutorial put together by the Russian team who discovered the Skype vulnerability, even users with no tech savvy can hack into friends’ accounts as long as they know the assigned email address.
Besides posting the vulnerability, they also added some instructions to prevent attacks on user accounts by means of the new exploit. Using a different email address and setting it up as “Primary email” will keep users safe from Skype’s password recovery bug.
A Skype spokesperson followed up on the incident by releasing a statement confirming that the company took the password reset option offline while investigating the matter. The company apologized for the inconvenience; finding a patch for the vulnerability is now a top concern.
“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further,” said a Skype spokesperson. “We apologize for the inconvenience but user experience and safety is our first priority.”
An internal investigation conducted by both Microsoft and Skype is currently underway, and users are protected for as long as the password reset tool remains offline.