Skype hack steals accounts with nothing more than your email

A Skype security flaw could allow rogue users to seize control of your account using nothing more than your email address, thanks to subpar recovery policies that can be easily gamed. The exploit depends on Skype’s policy of reminding new sign-ups of any existing usernames they have previously registered, when they attempt to re-register using the same email address. According to The Next Web, with a minor amount of tinkering, it’s possible to reset another user’s password and thus grab hold of their account.

Although a signed-in user will be able to see when somebody else attempts the hack, they would need to react fast in order to actually prevent themselves from being locked out. If they were not logged in at the time, or not paying sufficient attention, then they could have their Skype credentials usurped – along with any credit on that account – without them even realizing it had happened.

Skype is apparently conducting an “internal investigation” into the loophole, though for now there’s no official comment on when it might be closed off. The hack was first reported on a Russian forum roughly two months ago, it’s said, with the person responsible for discovering the exploit claiming to have told Skype about it with no apparent change in recovery security.

For the moment, the best advice is to change the registered email in your Skype settings to an address that others are unlikely to associate with your account. That reduces the likelihood of a takeover, though Skype itself will need to change how it handles accounts before the hack is closed down for good.

Update: More complete instructions for the workaround can be found here, courtesy of Reddit:

Log in on skype.com
Go to the profile, click Edit and add an email address an attacker won’t guess. (Or [email protected] if you’re using Gmail)
Click Save
Click Edit again, set the new address as Primary
Click Save, enter the password and click the Enter button
Delete the old email

Update 2: Skype has given us the following statement:

“We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority”

Skype hack steals accounts with nothing more than your email is written by SlashGear.
© 2005 – 2012, SlashGear. All rights reserved.

