Skype Disables Password Reset After Security Flaw Was Discovered
Published on: 14th Nov 2012
VoIP-based telephone service Skype has been forced to suspend its password reminder facility after a security flaw was found in the service.
The problem was highlighted three months ago on a Russian website, but Skype only took action when it was reprinted on the vastly larger Reddit website, which drew considerable attention to the problem.
Skype said that it is looking into the bug, which could have allowed people to see old text message conversations, access voicemails and user account details.
"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority," wrote Skype engineer Leonas Sendrauskas.
The flaw related to how a third party could open a new Skype account using another person's email account and log in, then, while logged in, reset the password from within their own Skype application. Once the password was reset, they could hijack the Skype application to log in as if they were the target user.
On the web: Reddit