Something is wrong in the security departments of these large companies. After Facebook and Twitter, we now have Microsoft’s Skype failing to protect its loyal users. A new security flaw discovered by a set of talented hackers shows that it is possible to hack a Skype account in a matter of minutes.
The Russian hackers demonstrated the hack in a few simple steps, which was later confirmed by Emil from TNW. To gain control over anyone’s Skype account, the email address and Skype username of the victim are required.
First, the person uses the victim’s email address to register a fake account at Skype. Next, the hacker goes to the “Reset Password” page to request a new password. As there are two accounts now (one real and the other fake), Skype asks for the username. Entering the username on that page takes the hacker to an “enter your new password” page.
The hacker can use a new password to permanently boot the real user out of his/her Skype account.
Password reset can be initiated through Skype’s desktop application as well. Stealing a Skype account was never this easy.
We don’t know how many users are bearing the brunt of this unfortunate security flaw. It is still unclear whether the real user locked out of his/her Skype account received an email about the “password reset” or not, but we believe Microsoft will fix the security hole very soon.
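A simplified model of the flow described above, added here as an illustration and not Skype's code. It assumes (the page does not say why the reset page behaved this way) that a matching email address was treated as proof of ownership, and sets a hardened reset flow beside it; `AccountStore` and every name and value in it are constructed.

```python
import hashlib
import secrets
import time

class AccountStore:
    """Toy account store; constructed for this example, not Skype's design."""

    def __init__(self):
        self.accounts = {}  # username -> {"email", "verified", "pw"}
        self.tokens = {}    # sha256(token) -> (username, expiry)
        self.outbox = []    # (email, token): stands in for real mail delivery

    def register(self, username, email, pw, verified=False):
        # pw is kept in the clear only to keep the model short.
        self.accounts[username] = {"email": email.lower(), "verified": verified, "pw": pw}

    def reset_vulnerable(self, requester, target, new_pw):
        # Assumed flaw: sharing an email address counts as proof of ownership,
        # although the requester never showed control of that mailbox.
        if self.accounts[requester]["email"] == self.accounts[target]["email"]:
            self.accounts[target]["pw"] = new_pw
            return True
        return False

    def request_reset(self, target):
        # Hardened: the token goes only to a verified mailbox, never to the
        # requester's session, and the reply is the same either way.
        acct = self.accounts.get(target)
        if acct and acct["verified"]:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.tokens[digest] = (target, time.time() + 900)
            self.outbox.append((acct["email"], token))
        return "If the account exists, a reset link was emailed."

    def complete_reset(self, target, token, new_pw):
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.tokens.pop(digest, None)  # single use
        if not entry or entry[0] != target or entry[1] < time.time():
            return False
        self.accounts[target]["pw"] = new_pw
        return True
```

In the hardened flow the second account gains nothing from sharing the address: the token is bound to one username and is delivered only to a mailbox that was verified for it.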
The Next Web also mentions that users should change the email address of their Skype account.
Update: Microsoft disabled the “Reset Password” page and is working on fixing this glitch. No need to change your email address. The Verge received a statement from Microsoft: “We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority.”