Skype fixes massive flaw that allows people to hack your account by simply knowing your email address

Skype, when it's working, is actually very easy to hack into. All you need is a user's email address and you can hijack an account without too much fuss.

New Skype IDs could be created with an email address of an intended victim, enabling hackers to assume control of the account using an online password reset form. All those mucky conversations you've been having? Easily accessible.

And finally, Skype have fixed this password reset bug, so your account is safe.

Skype disabled the password reset facility on Wednesday and, after nearly a week, Skype said that they'd got everything fixed and admitted that a "small number of users" had been hacked.

They said: "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologise for the inconvenience."
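An added example, not from the original article or from Skype: a toy Python account store showing two controls against the kind of flaw described above, where a new ID registered with someone else's email address could drive the password reset form. The article does not give Skype's implementation, so the class, its method names and the `outbox` list standing in for mail delivery are assumptions made for illustration.

```python
import secrets

class AccountStore:
    """Toy account service (constructed for illustration, not Skype's design)."""

    def __init__(self):
        self.accounts = {}  # username -> {"email", "verified", "password"}
        self.pending = {}   # one-time token -> (purpose, username)
        self.outbox = []    # (email, purpose, token): stands in for mail delivery

    def _mail(self, email, purpose, username):
        token = secrets.token_urlsafe(16)
        self.pending[token] = (purpose, username)
        self.outbox.append((email, purpose, token))

    def register(self, username, email, password):
        # Control 1: the address is stored as unverified and is not a recovery
        # channel until the mailbox owner confirms it.
        # (Password kept in the clear only to keep the toy short.)
        self.accounts[username] = {"email": email.lower(), "verified": False,
                                   "password": password}
        self._mail(email.lower(), "verify", username)

    def confirm_email(self, token):
        purpose, username = self.pending.pop(token, (None, None))
        if purpose != "verify":
            return False
        self.accounts[username]["verified"] = True
        return True

    def request_reset(self, email):
        # Control 2: reset tokens go only to the mailbox, one per verified
        # account. Nothing is returned to the caller, so an unverified ID
        # sharing the address gains no handle on the other accounts.
        for username, acct in self.accounts.items():
            if acct["email"] == email.lower() and acct["verified"]:
                self._mail(acct["email"], "reset", username)

    def reset_password(self, token, new_password):
        # Tokens are single use and bound to one purpose and one account.
        purpose, username = self.pending.pop(token, (None, None))
        if purpose != "reset":
            return False
        self.accounts[username]["password"] = new_password
        return True
```
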



  • Tim B.
    jah128 - Is this why I've been getting spammed to death all of a sudden then? Any chance of a link to info on this?
  • supasumo
    Has this been a vulnerability for a long time? My Skype account was hacked last year, used to call a whole host of really dodgy looking calls and Skype flat out refused to take any kind of responsibility. Also, for a telecoms company, you can't actually speak to them. They told me a whole host of crap, saying they are secure and refusing to take any responsibility. I had my credit card company refund my previous transaction, and will certainly never use them again.
  • Skype u.
    [...] the wake of the password-reset vulnerability, however, companies are wondering if they should clamp down on the use of Skype – is it a [...]
