A flaw in Skype’s password recovery tool enables attackers to hack accounts by using the email address of the victim. Just by following a six-step tutorial put together by the Russian team who discovered the Skype vulnerability, even users with no tech savvy can hack into friends’ accounts as long as they know the assigned email address.
Besides posting the vulnerability, they also added some instructions to prevent attacks on user accounts by means of the new exploit. Using a different email address and setting it up as “Primary email” will keep users safe from Skype’s password recovery bug.
A Skype spokesperson followed up on the incident by releasing a statement confirming that the company took the password reset option offline while investigating the matter. Although they apologized for the inconvenience, finding a patch for the vulnerability is now a top concern.
“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further,” said a Skype spokesperson. “We apologize for the inconvenience but user experience and safety is our first priority.”
An internal investigation conducted by both Microsoft and Skype is currently underway, and users are protected for as long as the password reset tool remains offline.