Skype Accounts Get Hacked
The extremely popular video chat company Skype recently discovered a security flaw in its authentication process. The company, now owned by Microsoft, had to freeze its password reset function until the issue was resolved. The hackers, reportedly from Russia, were able to take over users' accounts and change their passwords knowing only the user's log-in email. They could sign up as a new user with the same email address but a different password. The password reset function, however, would change the password for both accounts. Even though the password reset link was sent to the user's email, which the hacker doesn't have access to, the reset link would also appear for the hacker when they logged into the Skype application, so they were able to change the password and take over the account for good.

There were many obvious flaws in this instance that need to be addressed. When signing up for an account, a website should never allow the same email address to be used for two different accounts. Also, when resetting or recovering a password, the reset link should be sent to the email address only, or the user should be required to answer a security question or provide the old password if they know it. Skype was being lazy with its authentication security. There were multiple problems in the system that went undiscovered until numerous users were locked out of their accounts, which harmed the company's reputation.
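The two fixes described above, as an added sketch that is not Skype's code: registration rejects a second account on the same email, and the reset token goes only to the mailbox, never back to the requesting session. The `AccountStore` class, its method names and the `outbox` list standing in for the mail system are assumptions; token hashing, expiry and single use go beyond what the post states.

```python
import hashlib, hmac, secrets, time

class AccountStore:
    """In-memory illustration; all names here are hypothetical."""
    TOKEN_TTL = 900  # seconds a reset token stays valid (assumed value)

    def __init__(self):
        self.accounts = {}  # normalized email -> (salt, password digest)
        self.resets = {}    # sha256(token) -> (email, expiry timestamp)
        self.outbox = []    # stand-in for outgoing mail: (email, token)

    @staticmethod
    def _norm(email):
        # Normalize so "Victim@Example.com " cannot shadow "victim@example.com".
        return email.strip().lower()

    @staticmethod
    def _hash_pw(password, salt=None):
        salt = salt or secrets.token_bytes(16)
        return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, email, password):
        key = self._norm(email)
        if key in self.accounts:  # one account per email address
            return False
        self.accounts[key] = self._hash_pw(password)
        return True

    def check_password(self, email, password):
        rec = self.accounts.get(self._norm(email))
        if rec is None:
            return False
        salt, digest = rec
        return hmac.compare_digest(digest, self._hash_pw(password, salt)[1])

    def request_reset(self, email):
        key = self._norm(email)
        if key in self.accounts:
            token = secrets.token_urlsafe(32)
            token_id = hashlib.sha256(token.encode()).hexdigest()
            self.resets[token_id] = (key, time.time() + self.TOKEN_TTL)
            self.outbox.append((key, token))  # delivered by email only
        # Nothing is returned: the token never reaches the caller's session.

    def complete_reset(self, token, new_password):
        token_id = hashlib.sha256(token.encode()).hexdigest()
        entry = self.resets.pop(token_id, None)  # pop makes it single use
        if entry is None or entry[1] < time.time():
            return False
        self.accounts[entry[0]] = self._hash_pw(new_password)
        return True
```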