Bloggers Reveal Flaw in Skype Security Settings

A glitch in the security settings on online phone service Skype meant that users' accounts were vulnerable to hacking for months, bloggers said.

Attention was initially drawn to the issue on Russian hacker forum Xeksec.com after users demonstrated how to hack into a Skype account using only the user's registered e-mail address.

A hacker could then use that e-mail address to create a new Skype account and use the password reset function to gain access to the user's original account.

Since not all users are paying subscribers, and users rarely have large sums of money on their accounts, the consequences of the Skype security glitch would vary from user to user. However, account-holders' instant message history and personal details such as dates of birth would have been instantly accessible to a hacker.

An unidentified Skype user told business daily Vedomosti that they had informed Skype of the problem a couple of months ago but that it had not been resolved.

On Wednesday, Skype said it had "concerns surrounding the security of the password reset feature" and temporarily suspended the function.

Skype's decision to act comes after a hacking guide appeared Tuesday on Habrahabr.ru that attempted to gain access to the accounts of prominent bloggers including Alexei Navalny and Anton Nossik.

According to Vedomosti, Nossik was woken at 5 a.m. by a call from a hacker warning him about the problem. Navalny has since said on his Twitter page that he had deleted his Skype account.

Skype said in a separate statement Wednesday that it had fixed the flaw, adding that it was investigating complaints by "a small number of users." Skype has more than 600 million registered users worldwide.
