Wednesday, November 14, 2012

PSA Security & Hacking: Skype Password Reset Exploit

Edited to add: Skype is patched now.
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.


This story is breaking all over the net now; I like Sophos Naked Security's article the best.

They refer to this article

Supposedly this has been used in the wild for months; evidently it was posted about on Russian forums that long ago.

Official Skype statement from
We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority 

Don't have any other details to provide at the moment.
