Hackers find way to break into Skype accounts using only an email address
Russian hackers have found a way to break into any Skype account using only the original email address provided at registration.TNW reports that Microsoft has already been informed of the glitch and, although the security hole was discovered nearly two months ago, they’re still working on a fix.
Basically, hackers only need the username and the email address of the Skype account in order to reset the password and get access to the targeted account. It all comes down to a total of five different steps which are (fortunately) unavailable for the time being.
There’s no way to protect yourself from this kind of attacks, but you could try changing your email address, just to make sure hackers don’t find it. Skype is working on the problem, so an official statement should be released soon.
Update: Microsoft has temporarily removed the password reset option on the Skype page until it issues a fix on the matter. Furthermore, the company has confirmed for The Verge that it’s looking into the problem right now.
“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority,” Microsoft said.
Update 2: Skype has restored the password reset option, as the security hole no longer exists. Here's what Skype said a couple of minutes ago:
"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."