Skype Vulnerability: Password Reset Halted

Posted by Unknown | Thursday, November 15, 2012 |

Trend Micro's Rik Ferguson, director of security research and communication, in a blog post on Wednesday reported a vulnerability in Skype application which could allow anyone that knows your email address hack your Skype account. The vulnerability enables one to sign up for Skype with an email address already taken, and then through password reset can gain access to the original account associated to that email address.

But, actual discovery of the vulnerability was credited to a Russian Forum where a proof of concept was posted about three months ago.

Skype on its part has released an official statement acknowledging the vulnerability, and had subsequently suspended the account reset feature temporarily as a precaution; now working on password update process today.

Skype, also added that the issue affected some users where multiple accounts were registered to same email address. The company, however, promised reaching out to those users whose account may have been compromised thereby for necessary actions.

Guess, the days of labeling some information "minor" in security and privacy considerations are over, users discretion to personal details remain paramount.