Skype Halts Password Resets as Massive Security Hole Discovered
By Alistair Charlton | November 14, 2012 10:01 PM EST
A massive security hole has been found in Microsoft's Skype application, where it is possible to gain access to a user's account by knowing nothing more than their email address.
It is then possible to gain access to the target's account, change their password and associated email address, and lock them out for good, as any password reset requests by them will be sent to the new email address, not theirs.
UPDATE: Skype has since shut down its password reset tool while it investigates the issue. The company told IBTimes UK: "We have had reports of a new security vulnerability issue.
"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."
The flaw was posted on a Russian forum two months ago - the hackers apparently informed Skype of the problem before going public - and now the exploit has been reproduced successfully by The Next Web, who has refused to link to the original source, but confirms the hack was still possible until Skype halted password resets.
The Next Web explains: "When you use an existing email address to sign up with Skype again, the service emails you a reminder of your username, which is okay, since no one else should have access to your email.
"Unfortunately, because this method enables you to get a password reset token sent to the Skype app itself, this allows a third party to redeem it and claim ownership of your original username and thus account."
This is a glaringly obvious hole in Skype's security, as anyone who knows your email address - or at least the one you use to log into Skype - can take over your account and lock you out permanently, giving the hacker access to your contacts, conversation logs, and the use of any paid-for plans you have, or credit on your account.
To contact the editor, e-mail:
Join the Conversation
- Revealed: Vladimir Putin Plotting To Invade Europe – Report
- 5 Proofs Russia is Geared-Up for Shooting War with U.S. and Can Win Future Nuclear Showdown
- Target’s ‘Surprise Doorbusters’ Black Friday 2014 Deals On TV Sets, Entertainment Centres, DVD Players And More
- IKEA Black Friday 2014 Ad Includes Discounts On Home Furnishings, Appliances, Kitchen Designs, Beds, Sofas, Mattresses And Toys
- T-Mobile’s Black Friday 2014 Deals On Apple iPhone 6, Samsung Galaxy Note 4/Edge, Nexus 6, HTC One M8, LG G3, iPad Air 2 And Mini 3
- Australian and Other Select Earth Locations Hold Proofs Life Once Existed On Mars – Report
- ISIS Drug Transit From Afghanistan To Europe Confirmed By Russia: Money Goes Into Terror Funding And In New Recruitments