backtop


Print


  (Source: ubergizmo.com)
Hackers could take over accounts with only an email address

Skype had a security flaw that allowed hackers to access and control accounts with only the help of an email address. 

The Next Web learned of the security hole and reproduced the attack to see if it worked. The Next Web writer Emil Protalinski used co-worker Josh Ong as a pretend target, where he created a new Skype account with Ong's email address and tied his own to it as well. 

A couple of steps later, Protalinski was able to see both his new username with Ong's email address as well as Ong's original username. More importantly, he received the option to change the password to Ong's account. 

From there, Protalinski changed the password and locked Ong out of his account. He couldn't log back in until given the password by Protalinski.

"The reason this works is simple, but it’s still worrying," wrote Protalinski. "When you use an existing email address to sign up with Skype again, the service emails you a reminder of your username, which is okay, since no one else should have access to your email. Unfortunately, because this method enables you to get a password reset token sent to the Skype app itself, this allows a third party to redeem it and claim ownership of your original username and thus account."

The Next Web contacted Microsoft, which owns Skype, about the vulnerability. Microsoft responded saying that it was conducting an internal investigation. Later, it plugged the security hole and said only a "small number of users" had been affected. 

Here is Microsoft's statement to The Next Web:

Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly.

We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.

Source: The Next Web





"If they're going to pirate somebody, we want it to be us rather than somebody else." -- Microsoft Business Group President Jeff Raikes







Latest Blog Posts
Around the World
Saimin Nidarson - Feb 18, 2017, 5:48 AM
News of Future
Saimin Nidarson - Feb 17, 2017, 6:30 AM
Some News
Saimin Nidarson - Feb 14, 2017, 5:36 AM
What's New?
Saimin Nidarson - Feb 10, 2017, 6:15 AM
Unleashed News
Saimin Nidarson - Feb 9, 2017, 6:00 AM
Eye catching news
Saimin Nidarson - Feb 8, 2017, 6:16 AM
Some World News
Saimin Nidarson - Feb 7, 2017, 6:15 AM
Today’s news
Saimin Nidarson - Feb 6, 2017, 10:11 AM
Some News
Saimin Nidarson - Feb 5, 2017, 7:27 AM
Notes and News
Saimin Nidarson - Feb 4, 2017, 5:53 AM
World News
Saimin Nidarson - Feb 3, 2017, 5:30 AM
Gadget News
Saimin Nidarson - Feb 2, 2017, 7:00 AM
News Around The World.
Saimin Nidarson - Feb 1, 2017, 7:20 AM
Some News
Saimin Nidarson - Jan 31, 2017, 7:57 AM
Tips of Today
Saimin Nidarson - Jan 30, 2017, 6:53 AM
What is new?
Saimin Nidarson - Jan 29, 2017, 6:26 AM






botimage
Copyright 2017 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki