Update: Skype has now disabled the password reset link, though there is another one that’s supposedly active.
Original Story: A new exploit for the VoIP client Skype has been discovered that could allow anyone to steal anyone else’s account if they have the person’s login email. Fortunately, there are a few simple steps you can take to protect yourself.
The vulnerability showed up late yesterday on Russian website Habrahabr, where it was detailed how to gain control of a user’s Skype account. Fortunately, there’s an English translation with a better explanation over at Pixus. All a person needs to do is make a new account using an email that’s already in use and use the password recovery system to change the password.
To make sure you’re protected while Microsoft works on a fix, the best bet is to change your primary email address. However, you don’t want to use one that is publicly known or used on any other service, so the simple thing to do for now would be to make a new account with one of the free email services and use that as a temporary placeholder email for Skype only.
Once you have a newly created email, go to the Skype profile management service here, and log in with your current information. Head to your profile and add your new email, then click “add email” again and change your primary address to the new one. Hit save and then remove all other emails but the newly created one. Hit save again and input your password to confirm – make sure you click save; don’t hit Enter, or it will not save the information and you’ll have to do it all over again.
KitGuru Says: This should keep your accounts safe for now, but hopefully Skype staffers will have this fixed soon, or the popular client could see a lot of people migrating to competing services.