Skype is finally taking necessary precautions for protect their users from potential dangers after hackers exploited a security flaw on the video-chat program.
Although the company reports that just a small number of users have been affected, they are still working on the investigation. Leonas Sendrauskas from Skype said, “Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution, and have made updates to the password reset process today so that it is now working properly.”
The problem first surfaced late last summer, when one Russian hacking forum brought the problem to light. Just yesterday, a user on the very same forum mentioned that the issue was not solved. Only on Wednesday did Skype acknowledge the issue and promise a solution.
Hackers can exploit this loophole with just the user’s email address. They use the same email address to create another account, and use the password reset token to regain access to the user’s account, while locking out the original owner. Hackers could easily hack into a user’s account just to access the user’s birthday or other potentially sensitive information.
Sendrauskas also explained, “We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.”
It’s interesting that Skype didn’t act until recently, although it’s possible that they might have not heard about the problem beforehand. The only thing that really matters now is that they are trying to do something about it now.