The Inquirer-Home

Skype looks into email reset account takeover issue

Has suspended parts of service
Wed Nov 14 2012, 11:27
skype app

MESSAGING OUTFIT Skype has reacted quickly to reports that its users are vulnerable to a mind bogglingly simple account takeover attack.

This morning Reddit was abuzz with an English translation of a Russian security alert that said that it is possible to take over someone's Skype account with just their email address.

The vulnerability has been around for a couple of months, but really sprung into the wider consciousness today. All it involves is a couple of simple steps, one of which is requesting a password reset.

Skype has reacted very quickly to the problem though, and has disabled the in application password reset feature. This is good news if you are worried about someone taking over your Skype account, but bad news if you have forgotten your password.

"We have had reports of a new security vulnerability issue," said Skype this morning. "As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority."

Before Skype stepped in attackers only needed to know a user's email address to take over their account. The best advice then was to use an email address that is not publicly known. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Masque malware is putting iPad and iPhone user data at risk

Has news of iOS malware made you reconsider getting an iPhone?