Skype has suspended its password reset page following a vulnerability with the service being posted on Reddit, reports the BBC.
The vulnerability, which allows unauthorised users to reset a Skype password and hijack a Skype account using only the victim’s email address, was made known several months ago on a Russian blog but action was only taken once the details were posted to the front page of the internet.
Skype engineer Leonas Sendrauskas wrote in a status update for the service “We have had reports of a new security vulnerability issue. As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority.”
Skype pulled down the password reset page after website The Next Web confirmed the vulnerability and contacted the company regarding the flaw.
Source: BBC