Microsoft Changes Password System to Deter Skype Hacks
Technology Editor, CNBC.com
Microsoft has updated the password-resetting process for its Skype ervice after it was revealed that a flaw in the system made users' Skype accounts vulnerable to hacking.
"This issue affected some users where multiple Skype accounts were registered to the same email address," the company posted on its status blog. "We suspended the password reset feature temporarily this morning as a precaution, and have made updates to the password reset process today so that it is now working properly."
Microsoft did not immediately respond to a request for comment on how many users were affected. However, the company apologized on its blog for inconveniencing users, and stated that it was reaching out to "a small number of users who may have been impacted."
Microsoft's update to the system came after a report from a Russian-language forum post stated that Skype users could be easily hijacked if the attacker had access to just the user's email address.
According to the post, a hacker could register a new account with a Skype's user's email address. Once they logged into the program, the intruder could then use the password reset feature to change the passcode and take over the account.
Microsoft has been pushing users of its Windows Live Messenger to link their application to their Skype accounts. The company plans kill off its Windows messaging system worldwide in the first quarter of 2013, and just use Skype as its messaging service.