The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Latest Cyber Security, Hacking & Tech News: Skype account hijack

5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update

5-year-old Skype Backdoor Discovered — Mac OS X Users Urged to Update

December 14, 2016Swati Khandelwal
Those innocent-looking apps in your smartphone can secretly spy on your communications or could allow hackers to do so. Hard to believe, but it's true. Recently, Trustwave's SpiderLabs analysts discovered a hidden backdoor in Skype for Apple's macOS and Mac OS X operating systems that could be used to spy on users' communications without their knowledge. The backdoor actually resides in the desktop Application Programming Interface (API) that allows third-party plugins and apps to communicate with Microsoft-owned Skype — the popular video chat and messaging service. Appeared to have been around since at least 2010, the backdoor could allow any malicious third-party app to bypass authentication procedure and provide nearly complete access to Skype on Mac OS X. How an Attacker can Take Complete Control of Your Skype The malicious app could bypass authentication process if they "identified themselves as the program responsible for interfacing with th
Security hole allows anyone to hijack your Skype account

Security hole allows anyone to hijack your Skype account

November 14, 2012Mohit Kumar
It looks like Skype has another big hole in their security. According to reports, a security hole makes Skype accounts vulnerable to hijacking. The security hole allows unauthorized users with knowledge of your Skype-connected email address to change the password on your Skype account, thus gaining control of it. The hijack is triggered by signing up for a new Skype account using the email address of another registered user. No access to the victim's inbox is required one just simply needs to know the address. Creating an account this way generates a warning that the email address is already associated with another user, but crucially the voice-chat website does not prevent the opening of the new account. Then hacker just have to ask for a password reset token , which Skype app will send automatically to your email, this allows a third party to redeem it and claim ownership of your original username and thus account. The issue was reportedly documented on Russian forums
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.