Skype has disabled its password reset capability after the disclosure of a serious security flaw that allowed anyone to take control of an account using only the email address tied to it.
The method was reportedly known about months ago on Russian internet forums but has only been spotted by the Microsoft-owned company after users of the Reddit social networking site highlighted the issue.
The hack abused Skype's password reset feature, which delivered a password reset token to the email address tied to the user's account.
The hijacker could then access the reset email via the Skype app using a bogus account linked to the original account.
Skype hides a user's credit card details and has security checks to prevent fraud if an account is hijacked this way. However, all pre-existing calling credit stored on the account is vulnerable.
The security flaw was first reported on the internet blog The Next Web before it was passed on to Skype.
"We reproduced the attack, step-by-step, and managed to access the Skype accounts of TNW writer (with permission) Josh Ong (as well as editor Matt Brian to verify again) with only their email addresses," said a reporter on the blog.
"Having done all that, I could see my username for Josh's account, and Josh's username (for the first time - note, I had no idea what it was until this point) for his account, as well as change the password for whichever I pleased. I changed Josh's, locking him out of the account and letting me in. Since I did this before Josh could, and he would have to be watching his email account 'like a hawk' (his words, not mine) to beat me, I essentially gained exclusive access to his account. He couldn't log back in until I gave him the new password."
Skype, which has a registered user base of over 600 million people, said the security flaw only affected a "small" number of users who it thinks may have been hacked in this way.
In a statement it said, "Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."
"We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologise for the inconvenience," it added.
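A minimal model of a reset flow that closes the gap described above, where a second account registered to someone else's email address could get sight of the reset token. This is an added example, not Skype's code; the class and field names, the verified-email rule and the 15-minute expiry are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

TOKEN_TTL = 15 * 60  # seconds; constructed value for this example

@dataclass
class Account:
    username: str
    email: str
    email_verified: bool = False  # set only after the owner confirms a mailed link

@dataclass
class ResetService:
    accounts: dict = field(default_factory=dict)  # username -> Account
    pending: dict = field(default_factory=dict)   # sha256(token) -> (username, expiry)
    outbox: list = field(default_factory=list)    # stands in for the mail server

    def register(self, username, email, verified=False):
        # Typing in an address proves nothing: new accounts start unverified.
        self.accounts[username] = Account(username, email.lower(), verified)

    def request_reset(self, email, now=None):
        """Mail one token per verified account on this address; return nothing."""
        now = time.time() if now is None else now
        for acct in self.accounts.values():
            if acct.email == email.lower() and acct.email_verified:
                token = secrets.token_urlsafe(32)
                digest = hashlib.sha256(token.encode()).hexdigest()
                # Only the hash is stored, bound to exactly one account.
                self.pending[digest] = (acct.username, now + TOKEN_TTL)
                # The mailbox is the only delivery channel (no in-app copy).
                self.outbox.append((acct.email, acct.username, token))

    def redeem(self, username, token, now=None):
        """Accept a token once, before expiry, only for the account it was issued to."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use: burned on any attempt
        if entry is None:
            return False
        bound_user, expiry = entry
        return bound_user == username and now <= expiry
```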
Skype was bought by Microsoft for $8.5bn last year and has since become central to the company's plans in the mobile communications space.
Earlier this week, the company launched an updated version of the program designed to be integrated with its Windows 8 operating system. The new program is designed to work seamlessly between all Windows devices, including smartphones, tablets and desktop PCs, and Microsoft says it will eventually entirely replace its Windows Live Messenger internet messaging service in the new year.