Hackers have discovered a new vulnerability in Skype that could allow anyone to practically reset any Skype account if the email associated is known.
The vulnerability which first surfaced on Russian hacker forums was first reported by The Next Web. The Next Web has verified the vulnerability and was able to successfully reproduce the hack twice. The hack basically includes creating a secondary account using the target’s email id associated with Skype. Using this secondary account, one can access the original Skype account and change the password of the target.
Microsoft has since acknowledged the issue and at the moment, they have taken down the Password reset page from Skype’s website.
We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority.
This issue is only applicable to Skype accounts while Microsoft accounts which can also be used to login to Skype are safe from this vulnerability.