All the latest UK technology news, reviews and analysis

Skype investigating critical hacker hijacker flaw

14 Nov 2012

Skype has begun investigating reports of a critical flaw that allowed attackers to hijack control of some users' account.

News of the vulnerability broke on Tuesday evening, though Skype only admitted it was aware of the issue on Wednesday.

"We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further," Skype said in a statement.

"We apologise for the inconvenience but user experience and safety is our first priority."

The vulnerability allowed third parties to gain control of a Skype user's account using the service's password reset feature.

"The way it worked was that you would create a new Skype account with the same email as your target - say,," explained F-Secure security chief Mikko Hypponen.

"Then you would issue a password reset request for the account you just created. Skype would then prompt you to pick which account you would like to reset and then the attacker would select the Skype name of the target and his Skype password would be reset - easy."

Hypponen said that disabling the reset service should be enough to stop hackers exploiting the vulnerability.

"Microsoft has now disabled the password reset link on, so the vulnerability doesn't not seem to be there anymore," Hypponen told V3.

The exploit's discovery follows an increase in criminal's interest in the chat service. Prior to it security firm Trend Micro discovered the dorkbot ransomware targeting the Skype users.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

BYOD vs CYOD vs BYOC poll

Which approach is your firm taking to managing employees' mobile devices?

Popular Threads

Powered by Disqus
Sony Xperia Z2 Tablet powered by Android KitKat 4.4

Sony Xperia Z2 Tablet video

We take a look at the lightweight, waterproof tablet

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Data protection: the key challenges

Deduplication is a foundational technology for efficient backup and recovery


iPad makes its mark in the enterprise

The iPad can become a supercharged unified communications endpoint, allowing users to enhance their productivity

Software Development Manager (Agile, LAMP, MySQL, SDLC, Web)

Software Development Manager (Agile, LAMP, MySQL, SDLC...

C# .NET SQL Developer (.NET 4.5, MVC, JavaScript, SharePoint) L

C# .NET SQL Developer (.NET 4.5, MVC, JavaScript, SharePoint...

Developer / Analyst Programmer (C#, VB.NET, SQL, Sharepoint)

Developer / Analyst Programmer (C#, VB.NET, SQL, Sharepoint...

Infrastructure Support Analyst - Exchange 2010, Citrix XenApps, Projects, Prince2

Infrastructure Support Analyst – Exchange 2010, Citrix...
To send to more than one email address, simply separate each address with a comma.