For a long time Skype was known as one of the most secure voice services on the globe, but not so long ago a serious security flaw was discovered in it, and if it’s not fixed in the nearest future, anyone who knows your email address will be able to hack your Skype account. This hole was discovered by a Russian Skype user who, according to his own words, tried to contact Microsoft and asked them to fix the problem, but he never got any reply.
According to Teqno-Logical’s translation of that Russian guy’s forum post, to use this flaw, one doesn’t even need to be a hacker – it’s enough to know the email of the person whose account needs to be hacked. By registering a new account with the victim’s email, almost anyone who is able to use the Internet and Skype can change the password of the old account tied to that email, and the real owner will never be able to access his/her Skype account again.
The main reason of the flaw is the fact that password reset tokens are now sent to the Skype client; if Skype sent them to the main email tied to the account, the hacker would have to know the email password to hijack the Skype account.
To prevent your account from being hacked, you should change the email addresses tied to all your Skype accounts to new ones that nobody knows or can guess. But anyway, we hope Microsoft will fix this problem soon enough, and we won’t have to change anything.
Right now Microsoft has disabled Skype’s password recovery after receiving a huge number of complaints on hacked accounts. This will prevent other accounts from being hacked, but the problem won’t be solved with this move. Perhaps they will have to disable the Skype notifications on password recovery in future.
Please do let us know if you have come across this security flaw in whilst using Skype?