Skype fixes security flaw allowing ‘hijacking of user accounts’
London: Free Internet-calling service Skype has reportedly fixed a security flaw that allowed hackers to ‘hijack’ user accounts.
The flaw allowed anyone with a user's email address to take over their account, and depended on Skype's policy of reminding new sign-ups of existing usernames they have previously registered when they attempt to re-register using the same email address.
According to the Telegraph, the method was first posted on a Russian forum around three months ago, but has only been addressed since Reddit users highlighted the issue.
Hijackers who accessed others' Skype accounts would not have been able to obtain users' credit card details, which are redacted by the voice calling service, the paper said.
However, bogus users would have free reign over their account credit, and potentially further funds, if the user had enabled Skype's automatic credit top-up feature, it added.
Answerphone messages, old text message conversations and sensitive user details would also be available to hijackers.
According to the paper, this latest security flaw proved to be an embarrassing revelation for the Microsoft-owned company, because Microsoft had been attempting to persuade its Windows Live Messenger users to switch to Skype.