Yesterday we reported on a new threat for Skype users. The problem was that a new exploit had been uncovered that allowed hackers to take full control of any account they wished, as long as they had the email address associated with it. Good news, Microsoft has already jumped up and fixed the issue.
Here’s Microsoft’s full statement regarding the issue:
Early this morning we were notified of user concerns surrounding the security of the password reset feature on our website. This issue affected some users where multiple Skype accounts were registered to the same email address.
We suspended the password reset feature temporarily this morning as a precaution and have made updates to the password reset process today so that it is now working properly. We are reaching out to a small number of users who may have been impacted to assist as necessary. Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience.
While the issue does in fact seem to be resolved, it is probably a good security practice to go ahead and change your account password. Better safe than sorry. While exploits happen and can sometimes be unavoidable, the important thing is how quickly Microsoft responded to the problem. As soon as they were aware of the issue, they rushed to get a fix up and running. That’s about all we can really ask for in this type of situation.