Skype fixes major security flaw, re-enables password resets
Nov 14, 2012 (Los Angeles Times - McClatchy-Tribune Information Services via COMTEX) --
Skype has fixed a security flaw that made it possible for hackers to reset passwords simply with a user name and an email address.
The Microsoft-owned video-chatting service temporarily disabled users' ability to reset passwords after tech news site The Next Web gave Skype a heads-up on the security hole.
"We apologize for the inconvenience but user experience and safety is our first priority," Skype told TNW.
TNW wrote that instructions for the hack were posted on a Russian online forum two months ago. The news site chose not to link to the forum because the hack "is very easy to reproduce," and indeed, TNW said it tested out the hack multiple times and successfully took over a pair of its staffers' Skype accounts.
After being alerted, Skype disabled password resets while it investigated and fixed the issue. Now, the security hole has been fixed and users can reset their passwords once again if they want, the service told The Times.
"We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly," Skype said in a statement posted online Wednesday morning. "We are reaching out to a small number of users who may have been impacted to assist as necessary."
It appears that in order to reset your password, you must know your email address and have access to your email inbox.
___ (c)2012 the Los Angeles Times Visit the Los Angeles Times at
www.latimes.com Distributed by MCT Information Services
[ Back To TMCnet.com's Homepage ]