A flaw in Skype`s password recovery tool enables attackers to hack accounts by using the email address of the victim. Just by following a six-step tutorial put together by the Russian team who discovered the Skype vulnerability, even users with no tech savvy can hack into friends` accounts as long as they know the assigned email address.
Besides posting the vulnerability, they also added some instructions to prevent attacks on user accounts by means of the new exploit. Using a different email address and setting it up as “Primary email” will keep users safe from Skype`s password recovery bug.
A Skype spokesperson followed up on the incident by releasing a statement confirming that the company took the password reset option offline while investigating the matter. Although they apologized for the inconvenience, finding a patch for the vulnerability is now a top concern.
“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further,“ said a Skype spokesperson. “We apologize for the inconvenience but user experience and safety is our first priority.“
An internal investigation conducted by both Microsoft and Skype is currently underway and users are protected for as long as the password reset tool has been taken offline.
tags
Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past few years.
View all postsNovember 14, 2024
September 06, 2024