A security breach in the video-chat website Skype that allowed almost anyone to change a user’s password and take control of their account has been fixed, the company confirmed Wednesday.
The flaw, first discovered two months ago and posted on a Russian forum, allowed hackers to use a person’s e-mail address and a password reset tool to gain entry into accounts that could contain personal information, according to CNN. Skype disabled its password-reset feature when it learned of the hacks early Wednesday and said the breach only affected “a small number of users,” mostly those who had multiple accounts registered to the same e-mail address.
Skype, which is owned by Microsoft, made updates to its password system and the site is running normally, ABC News said.
Tech website The Next Web first reported the breach after it reproduced the attack on some of its own consenting employees.
“[The breach] lets anyone create another username for your Skype account by just knowing your e-mail address,” The Next Web posted. “The whole process took roughly two minutes, and it could be automated in a way to hijack multiple accounts in quick succession.”
The Skype security hole comes almost a week after a similar breach happened on Twitter when a third-party website compromised a number of accounts. Some users received e-mail notifications asking them to change their passwords, ABC News reported.
Robert Siciliano, an online security expert with McAfee, tried to explain to ABC News why this is a recurring problem.
"The systems themselves can be compromised in a few ways. For instance, internally they might be missing patches that are allowing criminals to access servers," Siciliano said. “You might have all the doors, but the locks are broken. With Skype and Twitter this week, they might have the systems in place, but they don't have the latest, greatest security to combat the certain attacks."
© 2013 Newsmax. All rights reserved.