Skype resolves major e-mail security flaw

Published Date
15 - Nov - 2012
| Last Updated
15 - Nov - 2012
Skype resolves major e-mail security flaw

Skype has fixed an e-mail and security bug that made it possible to take over users accounts.

The flaw, recently revealed on a blog earlier this week, allowed anyone to create a Skype account using the same e-mail address as that of the intended victim. The bug let that person reset the password for all associated accounts, and lock out the original Skype account user.

As a precautionary measure, Skype pulled its password reset page, hoping to keep hackers away from exploiting the flaw. According to the latest blog post from Skype, the company has managed to fix the security bug shortly after revealing it.

“Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly,” says the company in a blog post.

“We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.”

Skype users can now reset their passwords via the password reset page, available from their account profile.

The development comes amid Microsoft's plans to replace its Windows Live Messenger with Skype. The company plans to phase out WLM by March 2013, across the world.

Also read,