UPDATED: Skype suspends password resets in wake of account takeover fears


Skype has suspended its password reset procedures following the discovery of a flaw that could let hackers access an account by guessing a user's email address.

To take advantage of the flaw, a hacker would simply need to create a new account using the victim's email address and request a new password.

The password reset token is then sent to the hacker, via the Skype client, allowing them to take control of the victim's original username and account.

The security hole could be used to lock people out of their accounts, access their chat logs and use up any paid-for credits they may have.

According to a report by The Next Web, the problem was flagged to Microsoft-owned Skype by Russian security researchers two months ago.

The firm acknowledged the issue in a blog post earlier today, adding that it was working on a fix.

"As a precautionary step, we have temporarily disabled password reset as we continue to investigate the issue further," the blog post stated.

"We apologise for the inconvenience but user experience and safety is our first priority."

It is thought that, before the company stepped in, the only way users could protect themselves against the problem was to use a separate, hard-to-guess email address for their Skype accounts.

In a follow-up statement to IT Pro, Skype claimed only a small number of users had been affected by the issue.

"This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today," it said.

"We are reaching out to a small number of users who may have been impacted to assist as necessary...and we apologise for the inconvenience."
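The flaw described above, reduced to a toy model as an added example (it is not Skype's code, which the article does not show): a reset flow that accepts an unverified email address at registration and shows reset tokens inside every client tied to that address, beside a hardened flow. All class, function and account names are hypothetical, the in-client delivery model is an assumption based on the article's description, and the hardened variant is a general mitigation, not necessarily the update Skype made.

```python
import secrets

class ResetService:
    """Constructed toy model of an account store, not Skype's code."""
    def __init__(self, hardened):
        self.hardened = hardened
        self.accounts = {}      # username -> {"email", "verified"}
        self.client_inbox = {}  # username -> tokens shown in that user's client
        self.mailbox = {}       # email address -> tokens sent by email
        self.tokens = {}        # token -> username it can reset

    def register(self, username, email, owns_mailbox):
        # Hardened: the address only counts once the registrant has proved
        # control of the mailbox (e.g. via a confirmation link).
        verified = owns_mailbox if self.hardened else True
        self.accounts[username] = {"email": email, "verified": verified}
        self.client_inbox[username] = []

    def request_reset(self, email):
        linked = [u for u, a in self.accounts.items()
                  if a["email"] == email and a["verified"]]
        for target in linked:
            token = secrets.token_urlsafe(16)
            self.tokens[token] = target
            if self.hardened:
                # Out-of-band only: the token goes to the mailbox itself.
                self.mailbox.setdefault(email, []).append(token)
            else:
                # Flaw: every client session tied to the address sees it.
                for user in linked:
                    self.client_inbox[user].append(token)

    def reset_password(self, token):
        # Returns the username that was reset, or None; tokens are one-time.
        return self.tokens.pop(token, None)

def exposed_accounts(service, username):
    """Usernames whose live reset tokens are visible in `username`'s client."""
    return {service.tokens[t] for t in service.client_inbox[username]
            if t in service.tokens}

def simulate(hardened):
    svc = ResetService(hardened)
    svc.register("alice", "alice@example.com", owns_mailbox=True)
    # Second registration reuses the address without controlling the mailbox.
    svc.register("newcomer", "alice@example.com", owns_mailbox=False)
    svc.request_reset("alice@example.com")
    return exposed_accounts(svc, "newcomer")
```

`simulate(hardened=False)` includes `"alice"` in its result, meaning the second account's client holds a token for the original account; `simulate(hardened=True)` returns an empty set because the token only reaches the verified mailbox.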

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.