Skype works to fix hack vulnerability
11/14/2012 6:49:02 PM
PALO ALTO, Calif., Nov. 14 (UPI) --
U.S. Internet-phone service Skype says it has fixed a problem that allowed hackers using known email addresses to reset passwords to gain control of accounts.
The Microsoft-owned company has fixed an exploit that made it possible for hackers to take over Skype accounts as long as they knew the email address associated with the accounts, ZDNet reported.
The vulnerability was revealed Wednesday on a Russian blog.
"The only thing you need to obtain full access to any Skype account is primary email of that account (the email which used when the Skype account been registered)," a post on the pixus.ru blog said, giving step-by-step instructions for exploiting the vulnerability.
Hackers using the fault could log in to accounts that were not theirs and then reset the password, giving them control of the account.
Skype said it had disabled the password-reset feature while it dealt with the vulnerability.
"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address," the company said in a statement. "We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."