Skype password reset vulnerability fixed, 'small number of users' affected
A password reset vulnerability that was reported by TNW prompted Skype to scramble to protect its users from having their accounts compromised today. The Microsoft-owned communications company issued a zero day fix on Wednesday which protects users with multiple Skype accounts attached to a single email address.
"Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."
This vulnerability caused Skype to temporarily disable its password reset functionality earlier today.
Users began to complain in support forums about hacked accounts, and the TNW story led to a brief panic in Skype land.
Were you among the "small number of users" affected by the security hole today? Speak out in the comments below!