Friday, November 16, 2012
Security hole allows anyone to hijack your Skype account
The hijack is triggered by signing up for a new Skype account using the email address of another registered user.
No access to the victim's inbox is required one just simply needs to know the address. Creating an account this way generates a warning that the email address is already associated with another user, but crucially the voice-chat website does not prevent the opening of the new account.
Then hacker just have to ask for a password reset token , which Skype app will send automatically to your email, this allows a third party to redeem it and claim ownership of your original username and thus account. The issue was reportedly documented on Russian forums months ago, and appears to have been easy to exploit.
Skype appears to have pulled its password reset page, stopping this flaw in its tracks and said, "We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority"
For quick security of your account, users should change associated e-mail address of your Skype account.