
Skype claims account hijack flaw fixed

14 Nov 2012

Skype said it has addressed a security flaw which had left users vulnerable to account thefts and forced the company to suspend its recovery service.

The company said that the flaw, which came to light Wednesday and was reportedly uncovered by a Russian security researcher several months ago, is now resolved and users can once again request password recoveries.

The vulnerability had allowed an attacker to take control of an account simply by discovering the target's email address. While Skype has not disclosed how many accounts were compromised, the company said that only a "small number" of users who had multiple accounts on the same email address were affected.

"We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly," the company said.

"We are reaching out to a small number of users who may have been impacted to assist as necessary."

After word of the vulnerability surfaced, security researchers criticised Skype for its insecure procedures. Rik Ferguson, director of security research and communication for Trend Micro, noted that protecting against the flaw as it stood was impractical for many users.

"Before the access to reset passwords was disabled, the only way to protect yourself was to register an entirely separate and secret email address for use with your Skype account," Ferguson wrote.

"This is not only security by obscurity, it could theoretically leave you more open to attacks as you are less likely to investigate regularly the inbox of such little-used addresses."

Shaun Nichols
About

Shaun Nichols is the US correspondent for V3.co.uk. He has been with the company since 2006, originally joining as a news intern at the site's San Francisco offices.
