Microsoft plugs Skype email security hole that let people steal your account


Microsoft has blocked a major Skype security hole that allowed anyone to access your account with only your email address. The only problem now is that it shouldn’t have existed in the first place.

First posted on a Russian forum some months ago – but apparently ignored by Microsoft until today – the security flaw worked like this: Someone creates a new Skype account with your email address, the one associated with your Skype account. In doing so, this person now has the ability to reset the password of both the new account and your actual account, thus gaining access while also blocking you out.

The security flaw percolated to the surface earlier today on Reddit, and was later recreated by writers at The Next Web, who successfully gained access to the Skype accounts of two other TNW employees. Microsoft responded quickly by shutting down the password reset page entirely.

“We have had reports of a new security vulnerability issue,” wrote engineer Leonas Sendrauskas on the Skype security blog. “As a precautionary step we have temporarily disabled password reset as we continue to investigate the issue further. We apologize for the inconvenience but user experience and safety is our first priority.”

The problem here is that “user experience” and “safety” are diametrically opposed goals. Skype made the user experience of resetting a password less of a hassle by allowing a person to do so with only an email address. But clearly this was not a safe way to do things.

As avoidable as this whole debacle is, we feel for Skype, and every other online system that requires a login: Achieving a balance between user experience and safety is extremely difficult. Imposing meaningful online security means putting roadblocks in the way of people who are trying to use your service. Creating an easy user experience often means ditching security precautions. No matter which way you go, something has to give.

Regardless, it may still be a good idea to beef up your Skype security while Microsoft investigates a fix. The only way to do this is change the email address associated with your Skype account to something nobody else knows (which probably means creating an entirely new email account). Once you’ve done that, simply login (assuming you still can), go to Profile > Edit > add new email address. Click Save. Then go to Edit again, and set the new email address as your primary email, then save again. Then enter your password and click the Enter button. Then go back and delete the previous email.

How’s that for user experience?

Update 11 a.m. ET: Skype has released an “updated statement” on the security issue. It reads as follows:

“Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address. We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.”


Microsoft extension adds Google Chrome support for Windows Timeline

The Windows Timeline feature is now much more versatile thanks to the added support for Google's Chrome browser. All you need to do to increase its functionality is to download the official Chrome extension.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.

Want to share your Xbox One games with a friend? Here's how to do it

Sharing games on modern consoles is possible, but it takes a few steps. Here's how to start sharing games on your Xbox One console, so friends and family can easily access your library.

Protecting your PDF with a password isn't difficult. Just follow these steps

If you need to learn how to password protect a PDF, you have come to the right place. This guide will walk you through the process of protecting your documents step-by-step, whether you're running a MacOS or Windows machine.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.

Chrome is a fantastic browser, but is is still the best among new competitors?

Choosing a web browser for surfing the web can be tough with all the great options available. Here we pit the latest versions of Chrome, Opera, Firefox, Edge, and Vivaldi against one another to find the best browsers for most users.

YouTube changes its strikes system, offers softer first-offense penalty

YouTube announced changes to its strikes system for its content creators. The changes include a softer first-offense penalty for creators who violate YouTube's guidelines and more consistent penalties for further violations.
Movies & TV

Here’s how to watch the 2019 Oscars livestream online

The 91st Academy Awards will air live on ABC, but there are also a number of ways to watch Hollywood's biggest night online using your mobile device, desktop, or set-top streamer. Here's how to catch the Oscars livestream.

An experimental feature could help reduce memory usage in Google Chrome

Google Chrome might be the most popular web browser, but it also is a resource hog. Google is currently working on an experimental feature for Chrome which sets out to reduce its overall memory usage. 

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. The best free drawing software is just as powerful as some of the more expensive offerings.

Edit, sign, append, and save with six of the best PDF editors

Though there are plenty of PDF editors to be had online, finding a solution with the tools you need can be tough. Here are the best PDF editors for your editing needs, no matter your budget or OS.

Rid yourself of website notification requests in just a few easy steps

Wish you knew how to block browser and website notifications? You can do it on a case by case basis, but that can become dull after the 10th site has asked for your approval. Here's how to block them outright.

Don't take your provider's word for it. Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.

The best place to print photos online in 2019

Have you been looking around for the best place to print out your favorite photos online or in store? Don't fret, we've pored through dozens of options and narrowed it down to the seven best.