Mobile messaging, calling and video service Skype was forced to turn off the ability for users to reset their passwords on Wednesday. The move came about after a Russian hacker posted a method for easily stealing user accounts.
The hack was posted on a Russian forum nearly two months ago but was only just discovered by the team at Microsoft.
The vulnerability has been called “easy to reproduce” by the team at The Next Web.
The hack was possible once a user’s password was known; experts at the time of the discovery urged users to choose an email that nobody else knew.
On its Heartbeat status blog, Skype engineers said they began working on the issue and hoped to have password resets active as quickly as possible.
In a secondary post Skype quickly announced:
“Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address.”
The post then added:
“We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary.”
Password issues have become a big problem for many top websites and technology platforms as simple security vulnerabilities continue to show up. From unhashed passwords to simple email issues, companies either need to increase their security know-how or face the consequences of their lack of security.
Skype has not said how many accounts were affected by the security flaw or how many accounts may have been compromised because of the platform hack.
Are you worried about the state of software security?