Skype resolves password reset flaw that affected users’ accounts

A flaw with Skype, which was discussed on Russian blog three months ago, is now resolved

10:08 15 November 2012

Three months ago, a Russian blog talked about the reset password flaw that put Skype users’ account at risk.  With this flaw, attackers use the victims email address to create new Skype accounts.

The password is then reset, which gives hijackers an option to reset the passwords of all the accounts connected to the email address of the victim. Attackers can then easily lock out the account’s owner and access their details.

This issue, which has affected a small number of users, has been resolved by Skype.

“Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website," said engineer Leonas Sendrauskas.

“This issue affected some users where multiple Skype accounts were registered to the same email address.

“We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly.

“We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologise for the inconvenience.”