Skype has sent out an email titled “Unauthorized activity on your Skype account” to all those accounts that were hijacked by a recently discovered security hole that was patched earlier today. Since I let one of my colleagues hijack my account as a way to test the legitimacy of the issue, I was one of the recipients of such an email.
TNW staff that had their Skype accounts voluntarily hijacked as part of my testing also received emails. If I try to log into Skype, here is the message I receive:
I clicked on the “can confirm your identity and release your account” link in the email to start the process. I was asked for my Skype Name, email address, the year I created my Skype account (I had no idea, but was told it wasn’t critical), and the country I was in when I did so. I was also asked what payment methods I used to pay for Skype, if at all, and finally to give details on three of my Skype contacts.
After that Skype thanked me and spit out this automated message:
Looks like we’ve got everything we need
We’ve received your support request and will aim to get back to you as soon as we can. Learn more about getting support for Skype.
Mere minutes later (or about as long as it takes to write this article, I received an email telling me that all is well:
The short wait time makes sense, given that Skype says only a “small number” of users had their accounts hijacked in this way. I clicked on the link, and received yet another email.
Inside was a password token and a link. I followed the steps to reset my password and was quickly told “Your password has been changed. You can sign in to Skype with your new password.”
Finally, the fourth and last email arrived titled “Password successfully changed.” If you had your account hijacked, whether you knew it or not, you’ll have to go through these steps too.
We have contacted Skype for more information. We will update this article if and when we hear back.
Previous coverage – Security hole allows anyone to hijack your Skype account using only your email address and Skype plugs security hole letting anyone hijack accounts, says ‘small number’ of users affected
Image credit: Neil Gould