Skype accounts vulnerable to email security hole; Microsoft issues temporary fix

Published November 15, 2012 2:47pm

A security hole may potentially allow an attacker to hijack a Skype user's account using the victim's email address, a tech site reported on Wednesday.

The hole lets a potential attacker change a user's password and thus take over another person's account, according to a report on The Next Web.

But as of Wednesday night, Manila time, The Next Web said Skype pulled its password reset page to prevent attackers from exploiting the flaw.

“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority,” it quoted Skype as saying in a statement.

The Next Web said the issue was first posted on a Russian forum as early as two months ago.

It said an attacker only needs to know the victim’s email address linked to the Skype account.

"Essentially, that email address is used to create a new account with your own email address tied to it. Then, minus a couple of key steps, you can use a password reset token to gain access to your target’s account," it said.

For now, The Next Web advised Skype users to use a different email address for their Skype account.

"Change it over on Skype.com now to one only you know about," it said. — TJD, GMA News

Tags: microsoft, skype, malware, cybersecurity