Skype fixes major security flaw, re-enables password resets
Skype has fixed a security flaw that made it possible for hackers to reset passwords simply with a user name and an email address.
The Microsoft-owned video-chatting service temporarily disabled users’ ability to reset passwords after tech news site The Next Web gave Skype a heads-up on the security hole.
“We apologize for the inconvenience but user experience and safety is our first priority,” Skype told TNW.
TNW wrote that instructions for the hack were posted on a Russian online forum two months ago. The news site chose not to link to the forum because the hack “is very easy to reproduce,” and indeed, TNW said it tested out the hack multiple times and successfully took over a pair of its staffers’ Skype accounts.
After being alerted, Skype disabled password resets while it investigated and fixed the issue. Now, the security hole has been fixed and users can reset their passwords once again if they want, the service told The Times.
“We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly,” Skype said in a statement posted online Wednesday morning. “We are reaching out to a small number of users who may have been impacted to assist as necessary.”
It appears that in order to reset your password, you must know your email address and have access to your email inbox.
The view from Sacramento
Sign up for the California Politics newsletter to get exclusive analysis from our reporters.
You may occasionally receive promotional content from the Los Angeles Times.