All the latest UK technology news, reviews and analysis

Skype claims account hijack flaw fixed

14 Nov 2012
Skype logo

Skype said it has addressed a security flaw which had left users vulnerable to account thefts and forced the company to suspend its recovery service.

The company said that the flaw, which came to light Wednesday and was reportedly uncovered by a Russian security researcher several months ago, is now resolved and users can once again request password recoveries.

The vulnerability had allowed an attacker to take over control of an account by simply discovering the target's email address. While Skype has not disclosed how many accounts were compromised, the company said that only a "small number" of users who had multiple accounts on the same email address were affected.

"We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly," the company said.

"We are reaching out to a small number of users who may have been impacted to assist as necessary."

After word of the vulnerability surfaced, security researchers criticised Skype for its insecure procedures. Rik Ferguson, director of security research and communication for Trend Micro, noted that protecting against the flaw as it stood was impractical for many users.

"Before the access to reset passwords was disabled, the only way to protect yourself was to register an entirely separate and secret email address for use with your Skype account," Ferguson wrote.

"This is not only security by obscurity, it could theoretically leave you more open to attacks as you are less likely to investigate regularly the inbox of such little-used addresses."

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Shaun Nichols

Shaun Nichols is the US correspondent for He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.

More on Security
What do you think?
blog comments powered by Disqus

Green IT poll

How important is it to your business that a cloud provider uses renewable energy like solar or wind to power their data centres?

Popular Threads

Powered by Disqus
Galaxy S5 vs Nexus 5 head to head review front

Galaxy S5 vs Nexus 5 video review

We compare Samsung and Google's top devices

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Senior Java Developer - Financial Big Data - Risk + Compliance

Senior Java Developer - Core Java, Multi Threading, Concurrency...

2014 Financial Software Development - London - Entry Level

Do you want to write industry-leading software relied...

SQL Developer (TSQL, SSRS, SSAS) Fund Manager - London

SQL Developer (TSQL, SSRS, SSAS) Fund Manager - London...

Software Developer (JavaScript, TDD, Jasmine, Angular.JS)

Software Developer (JavaScript, TDD, Jasmine, Angular...
To send to more than one email address, simply separate each address with a comma.