X

Sign in

Sign in to confirm

Have you forgotten your password?

... or login with Facebook:

Don't have an AndroidPIT account yet? Sign up

A Serious Security Vulnerability in Skype Found and Repaired

Briley Kenney
2

Earlier today news surfaced about a dangerous security flaw in Skype. The issue has since been resolved, and the password reset system is now back in action. The vulnerability existed because of a lax password reset procedure in Skype.

Padlock Left Unlocked

The previous policy allowed folks to sign up a new account, with an email address of an account that is already in use. After signing in, it was then possible to force reset passwords for accounts linked to that particular email address. The password reset tokens were then sent through the Skype client, which meant hackers wouldn’t need access to the email address in question in order to hijack a Skype account.

This is discouraging news indeed folks!

The vulnerability has actually been around for a while; it was originally posted in a Russian web forum with detailed instructions on how to reproduce the hack. The Next Web found the instructions and took the opportunity to test out the security flaw, and unfortunately, they were successful. Next Web posted information about the security threat on their site and brought it to the attention of Skype and Microsoft, luckily before anyone could be severely harmed.

Microsoft and Skype took action immediately by halting the password reset procedure until the issue could be fixed. Later, Skype issued a statement to TNW implying that the security flaw only affected a small number of users –this was clearly proven to be a false claim as the vulnerability affected all Skype accounts.

As we’ve mentioned above, the proper fix has been implemented, and Skype accounts are now safe and secure again, at least for a little while. We can all go back to making faces and mooning people over the internet now.

Hopefully in the future, Microsoft and Skype will pay a little more attention when an issue like this pops up.

Skype Password Reset Page

On a side note: I can’t help but feel like this all went down in an overly dramatic fashion. What say you fellow readers?

Related Topics

Related Articles

Magazine / Apps
6 2 weeks ago

Hangouts vs Skype: do we have a new VoIP champion?

Magazine / Apps
1 2 months ago

Skype update becomes more like WhatsApp (in a good way)

Magazine / Apps
2 4 months ago

Skype Translator: real-time translations in video calls by the end of 2014

Comments

Write new comment:
  • Rolfhu Nov 15, 2012 Link

    Are this things not normal issues with MS software? :-D

    0
  • Briley Kenney Nov 15, 2012 Link

    As you can tell from the related articles above, this is not the first time it's happened. ;)

    0