Breaking News

DJI Brings World First to the Sky with Mini 5 Pro GAMEMAX introduces N90 case with LED DOT Matrix Display and Wood Aesthetics HighPoint Upgrades RocketStor 8000 Series eGPU Enclosures with 850W PSU and Smart Cooling Solution for Gen5 GPUs AMD Introduces EPYC Embedded 4005 Processors for Low-Latency Applications at the Edge ADATA Launches SD820 and SC735 External Solid-State Drives

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Skype Tackles Hack Vulnerability (updated)

Skype Tackles Hack Vulnerability (updated)

Enterprise & IT Nov 14,2012 0

Skype has suspended its password reset function after reports that the feature could be used to hijack the service's accounts. The vulnerability, which emerged on a Russian blog about three months ago, could have exposed answerphone messages, old text message conversations and user details including date of birth.

Skype is looking into the problem.

"We have had reports of a new security vulnerability issue," said engineer Leonas Sendrauskas.

"As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."

The hack involves using a victim's Skype-registered email address to create a new account which is also linked to an email account owned by the attacker.

If a password change is then requested using the target's username, the hijacker can access the resulting reset token via the Skype app itself using the newly-created bogus log-in.

The security hole was confirmed by The Next Web.

The news comes amid Microsoft's efforts to convince members of its Windows Live Messenger chat tool to switch to Skype.



Update

After temporarily removing the ability to reset passwords while it worked on a solution, Skype has now issued a fix for the security bug. The company also issued the following statement:

"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."

Tags: Skype
Previous Post
Google Fiber Installations In Kansas Homes Started
Next Post
WD Unveils 802.11AC Wireless Router and Bridge for Maximum Wi-Fi Speeds

Related Posts

  • Skype's 'Meet Now' Calls Don't Need a Sign-up

  • EU Countries Disagree on Privacy Rules for WhatsApp, Skype

  • Skype's Screen Sharing Goes Mobile

  • New Skype for Web Released But Not For Safari, Firefox or Opera Browsers

  • Skype Introduces Background Blur Feature

  • Apple Removes Skype and Other Apps in China

  • Cortana is Coming to Your Skype Chat Window

  • Skype and PayPal team up with new Send Money feature

Latest News

DJI Brings World First to the Sky with Mini 5 Pro
Drones

DJI Brings World First to the Sky with Mini 5 Pro

GAMEMAX introduces N90 case with LED DOT Matrix Display and Wood Aesthetics
Cooling Systems

GAMEMAX introduces N90 case with LED DOT Matrix Display and Wood Aesthetics

HighPoint Upgrades RocketStor 8000 Series eGPU Enclosures with 850W PSU and Smart Cooling Solution for Gen5 GPUs
Enterprise & IT

HighPoint Upgrades RocketStor 8000 Series eGPU Enclosures with 850W PSU and Smart Cooling Solution for Gen5 GPUs

AMD Introduces EPYC Embedded 4005 Processors for Low-Latency Applications at the Edge
Enterprise & IT

AMD Introduces EPYC Embedded 4005 Processors for Low-Latency Applications at the Edge

ADATA Launches SD820 and SC735 External Solid-State Drives
PC components

ADATA Launches SD820 and SC735 External Solid-State Drives

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Pure Base 501

be quiet! Pure Base 501

Akaso 360 Action camera

Akaso 360 Action camera

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed