Skype has taken down its password reset page as it deals with a password reset exploit that can give suspicious types access to your account with only your email address. The issue was first spotted on Russian forums months earlier, but TNW has since been able to replicate the same, apparently easy to reproduce, vulnerability. Before Skype withdrew its password reset page, the only way to avoid the problem was to change your email address to something unknown by anyone. According to Skype's Heartbeat status blog, it's now investigating the issue further.
Update: Skype has released a second statement: "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address.
"We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary."
Filed under: Microsoft
Skype disables password reset page to deal with email-based security 'vulnerability' (update) originally appeared on Engadget on Wed, 14 Nov 2012 05:42:00 EDT. Please see our terms for use of feeds.
Permalink | | Email this | CommentsSource: http://feeds.engadget.com/~r/weblogsinc/engadget/~3/kgEO2D0Blps/
slither naacp glen campbell jerusalem artichoke bud shootout aretha franklin stevie wonder
Thanks for the article. We all need to be more proactive about our personal account security. One thing you failed to mention is taking advantage of the 2FA (2-Factor Authentication). Although it’s been around for a while, more and more sites are starting to offer and promote this option. 2-Factor Authentication to complete a transaction while shopping online wins every day. I feel suspicious when I am not asked to telesign into my account by way of 2FA, it just feels as if they are not offering me enough protection. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your info is secure. This should be a prerequisite to any system that wants to promote itself as being secure.
ReplyDelete