All the latest UK technology news, reviews and analysis


Skype claims account hijack flaw fixed

14 Nov 2012
Skype logo

Skype said it has addressed a security flaw which had left users vulnerable to account thefts and forced the company to suspend its recovery service.

The company said that the flaw, which came to light Wednesday and was reportedly uncovered by a Russian security researcher several months ago, is now resolved and users can once again request password recoveries.

The vulnerability had allowed an attacker to take over control of an account by simply discovering the target's email address. While Skype has not disclosed how many accounts were compromised, the company said that only a "small number" of users who had multiple accounts on the same email address were affected.

"We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly," the company said.

"We are reaching out to a small number of users who may have been impacted to assist as necessary."

After word of the vulnerability surfaced, security researchers criticised Skype for its insecure procedures. Rik Ferguson, director of security research and communication for Trend Micro, noted that protecting against the flaw as it stood was impractical for many users.

"Before the access to reset passwords was disabled, the only way to protect yourself was to register an entirely separate and secret email address for use with your Skype account," Ferguson wrote.

"This is not only security by obscurity, it could theoretically leave you more open to attacks as you are less likely to investigate regularly the inbox of such little-used addresses."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus
Poll

Windows 10 poll

What are your first impressions of Windows 10?
12%
5%
10%
3%
19%
3%
48%

Popular Threads

Powered by Disqus
V3 Sungard roundtable event - Cloud computing security reliability and scalability discussion

CIOs debate how to overhaul businesses for the digital era

V3 hosts roundtable with Sungard Availability Services

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

PHP developer, web developer

PHP Developer, Web Developer Brighton, East Sussex...

C# Developer, Support Developer (Fluent German Speaker)

C# Developer, .Net Developer who is fluent in German...

Development Team Leader (Java, Perl)

Development Team Leader (Java, PERL) Brighton, East...

Graduate Software Developer

Graduate Software Developer The Company Our client...
To send to more than one email address, simply separate each address with a comma.