File this under pretty damn serious: Russian hackers have found a way to access any Skype account and take full control using just an email address, and the methods used were confirmed to be still working by The Next Web when they tested the exploit for themselves. The method in question can lead to the hijacker changing the password on a Skype account which has been accessed, and then the original owner would no longer have control.
For the moment, Skype has disabled password resets, which was one of the major steps to full control of a hijacked account. If you are paranoid about your account anyway, you can follow these steps to change your email address:
- Go to skype.com and log in
- Go to your profile and add a new email address that a hacker wouldn't be able to guess
- Click Save, then click Edit again and set the address as Primary
- Click Save, enter your password, click (specifically) the Enter button
- Delete your old email address from Skype
One of the big issues with this security flaw is that Skype stores full conversation histories in the cloud, so a person with malicious intent could hijack an account to look through private and personal conversations. It appears as though the hacking method is being addressed as we type, with Microsoft releasing the following statement (via The Verge):
We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority
Expect a full statement on the cause of the issue sometime soon.
Source: The Next Web
19 Comments - Add comment