MESSAGING OUTFIT Skype has reacted quickly to reports that its users are vulnerable to a mind bogglingly simple account takeover attack.
This morning Reddit was abuzz with an English translation of a Russian security alert that said that it is possible to take over someone's Skype account with just their email address.
The vulnerability has been around for a couple of months, but really sprung into the wider consciousness today. All it involves is a couple of simple steps, one of which is requesting a password reset.
Skype has reacted very quickly to the problem though, and has disabled the in application password reset feature. This is good news if you are worried about someone taking over your Skype account, but bad news if you have forgotten your password.
"We have had reports of a new security vulnerability issue," said Skype this morning. "As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority."
Before Skype stepped in attackers only needed to know a user's email address to take over their account. The best advice then was to use an email address that is not publicly known. µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted