Update: Skype has informed us that the security flaw is now resolved and that the password reset process has been updated accordingly. Check out Skype’s official statement after the break.
Skype users have something to worry about. Russian hackers found out that anyone can hack a user’s Skype account by using the email address tied to that account. When a person knows the email address of a Skype user, he or she can use that email address to create a new Skype account. Obviously Skype cannot create a new account from the email address because it’s already being used.
The problem, as noted by The Next Web, is that doing so allows the hacker to get a password reset token, which is then sent to the Skype app itself. This allows a person to redeem the token and eventually claim ownership of the account. For now, it seems that the only way to avoid this flaw is to change the email address on Skype.
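A toy model of the delivery-channel weakness described above, added here as an illustration and not Skype's code; the class, the account names and the `in_app_delivery` switch are all assumptions. It contrasts sending reset tokens to every app session registered under an address with sending them only to the mailbox, which is the one channel that proves ownership of that address.

```python
import secrets

class ResetService:
    """Constructed model of a password-reset flow (hypothetical, not Skype's)."""
    def __init__(self, in_app_delivery):
        self.in_app_delivery = in_app_delivery
        self.accounts = {}   # username -> email (ownership not verified at signup)
        self.app_inbox = {}  # username -> tokens shown in that account's app session
        self.mailbox = {}    # email -> tokens readable only by the mailbox owner
        self.tokens = {}     # token -> username whose password it may reset

    def register(self, username, email):
        # Precondition for the flaw: several accounts may share one email address.
        self.accounts[username] = email
        self.app_inbox[username] = []

    def request_reset(self, email):
        for user, addr in self.accounts.items():
            if addr != email:
                continue
            token = secrets.token_urlsafe(16)
            self.tokens[token] = user
            if self.in_app_delivery:
                # Weak: every account sharing the address sees every token in-app.
                for peer, peer_addr in self.accounts.items():
                    if peer_addr == email:
                        self.app_inbox[peer].append(token)
            else:
                # Hardened: deliver only to the mailbox itself.
                self.mailbox.setdefault(email, []).append(token)

    def redeem(self, token):
        # Single use: returns the account the token resets, or None.
        return self.tokens.pop(token, None)

def accounts_resettable_by_second(in_app_delivery):
    """Which accounts can a later-registered account reset from its own app?"""
    svc = ResetService(in_app_delivery)
    svc.register("alice", "alice@example.test")    # original owner (constructed)
    svc.register("second", "alice@example.test")   # later signup, same address
    svc.request_reset("alice@example.test")
    return {svc.redeem(t) for t in list(svc.app_inbox["second"])}

if __name__ == "__main__":
    print("in-app delivery:", accounts_resettable_by_second(True))
    print("mailbox only:   ", accounts_resettable_by_second(False))
```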
Skype previously released a statement following the reports saying, “We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority.”
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.