Skype Security Hole Allows Anyone to Hijack Your Account Using Only Your Email Address
A major security flaw in Skype allows anyone with your Skype name and email address to gain access to your account and cause havoc. For now, Microsoft has blocked the page that allowed this while it works on a fix. Still, knowing that something like this was out there and ready to take over vast numbers of accounts is scary.
This exploit has been around for a couple of months now. A Russian forum described the security flaw and even contacted Microsoft with this information, but until today Microsoft had not done anything about it. For the sake of users, and of other sites on which this exploit could be reproduced, we will not link to any of the forums or to information on exactly how to reset the account.
The flaw was very straightforward and very simple: all that was needed was the user's Skype name and email address. From there, you had to click through some specific prompts in the recovery options and, bam, you had access to someone else's account. Microsoft seems to have finally taken notice of the attack after mass publication and has taken down the methods used to produce this hole.
The talented team over at The Next Web was able to confirm and reproduce this security hole many times, proving to Microsoft that it existed.
The main part of this hole is Microsoft's account recovery system. If you know your Skype email address, you can have it send you an email to remind you of your username. But if you wanted to recover your password, you could do so within the Skype app itself, without any intervention from your email address at all, and there was the problem.
For the moment, it looks like Microsoft has the situation under control: it has disabled this flaw and is currently addressing it.
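The weakness described above comes down to where the password reset token is delivered. The following is an added example, not code from Skype, Microsoft or this article: a toy service (all class names, accounts and addresses are constructed) that contrasts handing the token to the requesting session with sending it only to the mailbox on file.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds a reset token stays valid (assumed policy)

class ResetService:
    """Toy account store; every name and value here is constructed."""

    def __init__(self):
        self.email_on_file = {"alice.skype": "alice@example.com"}
        self.pending = {}    # username -> (sha256 of token, expiry time)
        self.outbox = []     # (mailbox, token); stands in for real email delivery
        self.passwords = {}

    def _issue(self, username):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[username] = (digest, time.time() + TOKEN_TTL)
        return token

    def request_reset_in_session(self, username, claimed_email):
        """Flawed pattern: knowing the email counts as proof of ownership,
        and the token is returned to whoever asked."""
        if self.email_on_file.get(username) != claimed_email:
            return None
        return self._issue(username)

    def request_reset_by_mail(self, username, claimed_email):
        """Hardened pattern: the token goes only to the mailbox on file, and
        the caller sees the same empty answer whether or not the pair matched."""
        if self.email_on_file.get(username) == claimed_email:
            self.outbox.append((claimed_email, self._issue(username)))
        return None

    def redeem(self, username, token, new_password):
        """Single use: any attempt consumes the pending token. The token must
        be unexpired and is compared in constant time."""
        digest, expires = self.pending.pop(username, ("", 0.0))
        presented = hashlib.sha256(token.encode()).hexdigest()
        if time.time() > expires or not hmac.compare_digest(digest, presented):
            return False
        self.passwords[username] = new_password
        return True
```

With the mail-only path, knowing a username and email address yields nothing to redeem; control of the mailbox is what proves ownership.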