Skype disables password reset option after security hole discovered

Skype disables password reset option after security hole discoveredClose on the heels of recent reports of an apparent security hole discovered in the Skype, the account password reset option has been disabled on the website of the popular video-chat service.

It was on late Tuesday that a Russian-language forum first reported the security hole by posting instructions about how the hackers can abuse the password-reset feature to gain control of the users' accounts by changing their passwords.

Later, the details about the hackers' potential exploitation of the security hole were posted on some blogs, including Reddit; and the users confirmed that the mentioned password-reset hacking mechanism actually worked as reported.

Despite the fact that the reports about the security hole in Skype did not clarify as to whether the problem was caused by a design logic flaw or due to some bug in Skype's client or website, Skype said in a statement that it was investigating the issue.

Noting that "a small number of users" had probably been affected by the mentioned security hole, Skype's Leonas Sendrauskas said in a Wednesday post that the users who had been affected chiefly included those who had multiple Skype accounts registered to the same email address.

About Skype's move to block password resets, Sendrauskas said: "We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly."