Skype fixes account hijacking vulnerability

Summary: Skype has fixed a severe vulnerability that made it possible to hijack a Skype account using only the email address associated with it.

Skype has fixed a vulnerability that made it possible to take over Skype accounts.

The vulnerability was revealed on a blog on Wednesday and let anyone take over a Skype account as long as they knew its email address.

"The only thing you need to obtain full access to any Skype account is primary email of that account (the email which used when the skype account been registered)," a post which appeared on the pixus.ru blog on Wednesday morning said. The post detailed the fault and gave step-by-step instructions for using the exploit.

The exploit involved six steps and gave people the ability to log in to accounts that were not theirs, then change the password, enabling them to hijack the account.

"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address," Skype said in a statement. "We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."

The Microsoft-owned company said it was "reaching out to a small number of users" who could have been affected by the exploit. 

"Skype is committed to providing a safe and secure communications experience to our users and we apologise for the inconvenience," it added.

Skype said it will provide more information on the vulnerability in the next couple of days.

About

Jack Clark has spent the past three years writing about the technical and economic principles that are driving the shift to cloud computing. He's visited data centers on two continents, quizzed senior engineers from Google, Intel and Facebook on the technologies they work on and read more technical papers than you care to name on topics f...
