It looks like Skype has another big hole in its security. According to
reports, the flaw makes Skype accounts vulnerable to
hijacking. It allows unauthorized users who know
your Skype-connected email address to change the password on your Skype
account, thus gaining control of it.
The hijack is triggered by signing up for a new Skype account using the
email address of another registered user. No access to the victim's
inbox is required; one simply needs to know the address. Creating an
account this way generates a warning that the email address is already
associated with another user, but crucially the voice-chat website does
not prevent the opening of the new account.
The attacker then only has to ask for a password reset token, which the Skype
app will send automatically to your email. This allows a third party to
redeem it and claim ownership of your original username, and thus your
account. The issue was reportedly documented on Russian forums months ago, and appears to have been easy to exploit.
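
The flow described above, modeled as an added example (not code from Skype or from the original post): a toy in-memory account service whose `strict` mode rejects a duplicate e-mail address at sign-up and binds each reset token to one verified account. All names are hypothetical, and the non-strict token scoping (one token valid for every account on the address) is an assumption about how the reported behaviour could arise.

```python
import secrets

class AccountService:
    """Toy in-memory model; strict=False mirrors the reported behaviour."""

    def __init__(self, strict):
        self.strict = strict
        self.accounts = {}   # username -> {"email": str, "verified": bool}
        self.tokens = {}     # token -> set of usernames the token may reset

    def _owners(self, email):
        return {u for u, a in self.accounts.items() if a["email"] == email}

    def register(self, username, email):
        email = email.strip().lower()
        duplicate = bool(self._owners(email))
        if duplicate and self.strict:
            raise ValueError("e-mail address already belongs to an account")
        # Nobody has proven control of the mailbox at sign-up time.
        self.accounts[username] = {"email": email, "verified": False}
        return duplicate  # True is the "already associated" warning case

    def verify_email(self, username):
        # Stand-in for the user following a link sent to the mailbox.
        self.accounts[username]["verified"] = True

    def request_reset(self, username):
        acct = self.accounts[username]
        if self.strict:
            if not acct["verified"]:
                return None          # unverified accounts get no token
            scope = {username}       # token bound to exactly one account
        else:
            # Assumed weak behaviour: token scoped by address, not account.
            scope = self._owners(acct["email"])
        token = secrets.token_urlsafe(16)
        self.tokens[token] = scope   # real systems mail this to the address
        return token

    def redeem(self, token, username, new_password):
        # pop() makes every token single-use, whether or not it matches.
        if username not in self.tokens.pop(token, set()):
            return False
        self.accounts[username]["password"] = new_password
        return True
```
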
Skype appears to have pulled its password reset page, stopping this flaw in its tracks, and said, "We
have had reports of a new security vulnerability issue. As a
precautionary step we have temporarily disabled password reset as we
continue to investigate the issue further. We apologize for the
inconvenience but user experience and safety is our first priority."
As a quick safeguard, users should change the e-mail address associated with their Skype account.