

Skype claims account hijack flaw fixed

14 Nov 2012

Skype said it has addressed a security flaw which had left users vulnerable to account thefts and forced the company to suspend its recovery service.

The company said that the flaw, which came to light Wednesday and was reportedly uncovered by a Russian security researcher several months ago, is now resolved and users can once again request password recoveries.

The vulnerability had allowed an attacker to take control of an account simply by discovering the target's email address. While Skype has not disclosed how many accounts were compromised, the company said that only a "small number" of users who had multiple accounts on the same email address were affected.

"We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly," the company said.

"We are reaching out to a small number of users who may have been impacted to assist as necessary."

After word of the vulnerability surfaced, security researchers criticised Skype for its insecure procedures. Rik Ferguson, director of security research and communication for Trend Micro, noted that protecting against the flaw as it stood was impractical for many users.

"Before the access to reset passwords was disabled, the only way to protect yourself was to register an entirely separate and secret email address for use with your Skype account," Ferguson wrote.

"This is not only security by obscurity, it could theoretically leave you more open to attacks as you are less likely to investigate regularly the inbox of such little-used addresses."

Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
