Simple password reset bug is squashed in Skype mishap
Skype has fixed a security hole which allowed anyone with your email address to hijack the account.
The somewhat embarrassing password reset bug meant anyone with an email address of a Skype user could reset the password via a simple form and without the need to access the associated email inbox. Skype was made aware of the security vulnerability yesterday and has fixed the problem. See also: Skype for Windows 8 review.
Skype said in a blog post: "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."
"We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."
The password reset bug was originally discussed on an underground Russian forum three months ago but got publicised late on Tuesday night, according to The Register.
Microsoft recently announced that it will ditch Windows Live Messenger, aka MSN Messenger, in favour of Skype which it acquired last year.