Skype disables password resets over big security flaw

Skype has disabled the account password reset option on its website following reports that the feature can be abused to hijack Skype accounts if the attackers know the email addresses associated with them.

Due to this vulnerability, it's possible for a hacker to sign up to Skype for a new account using the same email address as the target. The hacker can then reset the password, not just for that account, but for all accounts with that email address.

"We have had reports of a new security vulnerability issue," wrote engineer Leonas Sendrauskas." As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience but user experience and safety is our first priority."

The problem was first documented on a Russian forum two months ago. The people who uncovered the flaw reportedly told Skype about it, but the company apparently failed to address the matter until now.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules