Skype fixes account hijacking vulnerability

Skype has fixed a severe vulnerability that made it possible to hijack a Skype account using only the email address associated with it.

Skype has fixed an exploit that made it possible to take over Skype accounts.

The vulnerability was revealed on a blog on Wednesday and let anyone take over a Skype account as long as they knew its email address.

"The only thing you need to obtain full access to any Skype account is primary email of that account (the email which used when the skype account been registered)," a post which appeared on the pixus.ru blog on Wednesday morning said. The post detailed the fault and gave step-by-step instructions for using the exploit.

The exploit involved six steps and gave people the ability to log in to accounts that were not theirs, then change the password, enabling them to hijack the account.

"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address," Skype said in a statement. "We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."

The Microsoft-owned company said it was "reaching out to a small number of users" who could have been affected by the exploit. 

"Skype is committed to providing a safe and secure communications experience to our users and we apologise for the inconvenience," it added.

Skype said it will provide more information on the vulnerability in the next couple of days.
