Skype security flaw leads to hijacked accounts

Almost 30 million people use Skype every day

The VoIP communications-service Skype has had to suspend its password reset function after it was found that a security flaw made it possible to hijack user accounts.

Skype’s developers, Microsoft, have updated the password-resetting capabilities and will fix a flaw that reportedly has made the feature vulnerable to account-takeover attacks that were trivial to carry out. It has been reported that this security flaw was originally exposed on a Russian forum some months ago.
Also liable to hijacking are answerphone messages, old text messages and conversations, as well as sensitive user details.
A Skype spokesman said: "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website."
The hijacking issue has affected users who are registered to multiple Skype accounts with the same email address. Skype’s spokesman said: “We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."
Skype is also calling upon a small number of its users who have been affected to assist in the recovery. The spokesperson added: “Skype is committed to providing a safe and secure communications experience to our users and we apologise for the inconvenience."
The latest security flaw follows news last month that the company could distribute malware via its instant message tool.
It proves an embarrassing development for the Microsoft-owned company as they have been attempting to encourage their Windows Live Messengers to make the move to Skype. Microsoft hopes to retire Windows Live Messenger in all countries bar China by March 2013.