Meanwhile in Russia, Anyone Can Hack Skype!

November 15th, 2012 at 11:15 am
 


A member of a Russian tech forum posted that he spotted a serious security hole in Skype. In fact, he revealed that anyone can hack any Skype account just by using the e-mail address of the account owner. We’re unsure whether he found it by accident, but all Skype chatters (and even Microsoft) should be concerned about it.

The user listed how to exploit the security flaw and it turned out to be very simple even to the most casual Skype users. Register a new Skype account using the e-mail address of the victim. Obviously, the program will say such an address has already been used, but continue filing the registration nonetheless. Log in with your new profile and add your own e-mail address as an additional one.

After which, log in to the Skype client and delete all cookies. Finally, use Skype’s password reset form to change the passwords of all profiles tied to the victim’s e-mail address. With that, you have just hacked another person’s Skype account and is now vulnerable from being exploited.

The user who discovered this security flaw claimed he wrote a message to Microsoft’s support page, but he did not get any reply from them. The security hole remained unfixed for several days, leaving an opportunity to those who have read his instructions to try if it worked and it did.

“If you want to protect your Skype account from being hacked, you should register a new email address unknown to anyone and make it the default email of your Skype account,” wrote Amelia Hunter for Teqno-Logical. “Make sure nobody knows about this new email until Microsoft fixes this flaw.”

A Russian publication reported that Microsoft has so far disabled password recovery for Skype. This is just a temporary solution and Microsoft needs to fix the system as soon as possible.

Source: XecSec.com, via Teqno-Logical

 

Tags: ,