Security hole allows anyone to hijack your Skype account
It looks like Skype has another big hole in their security. According to reports, a security hole makes Skype accounts vulnerable to hijacking. The security hole allows unauthorized users with knowledge of your Skype-connected email address to change the password on your Skype account, thus gaining control of it.
The hijack is triggered by signing up for a new Skype account using the email address of another registered user. No access to the victim’s inbox is required one just simply needs to know the address. Creating an account this way generates a warning that the email address is already associated with another user, but crucially the voice-chat website does not prevent the opening of the new account.
Then hacker just have to ask for a password reset token , which Skype app will send automatically to your email, this allows a third party to redeem it and claim ownership of your original username and thus account. The issue was reportedly documented on Russian forums
months ago, and appears to have been easy to exploit.
Skype appears to have pulled its password reset page
, stopping this flaw in its tracks and said, “We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority
For quick security of your account, users should change associated e-mail address of your Skype account.