A new security hole has been discovered in the latest version of Skype, allowing users to gain control of your account. And it appears pretty simple, all you need to do is to know the user’s email address.
According to The Next Web, who have reproduced the attack and verified the vulnerability, the email address is used to create a new account with that email address before resetting the password to gain access to the target account. Of course, there are steps in between, but they have not been disclosed – for obvious reasons.
The flaw was posted two months ago on a Russian forum, and now it has taken this long to become public attention. Skype has been alerted by The Next Web, and told them that they are conducting an “internal investigation”. However, another Russian website – which we are not linking as it names the person who found it and the site – says that the person told Skype of the hole.
In order to protect yourself, it appears the only way to do that is to, essentially change your email address. But, hopefully, a fix will come so that does not have to happen.