Skype has suspended its password reset function after it emerged that a security flaw could be used to hijack user accounts.
The exploit allowed anyone with a user's email address to take over their account, and depended on Skype's policy of reminding new sign-ups of existing usernames they have previously registered when they attempt to re-register using the same email address.
The method was first posted on a Russian forum around three months ago but has only been addressed since Reddit users highlighted the issue.
Hijackers who accessed others' Skype accounts would not have been able to obtain users' credit card details, which are redacted by the voice calling service.
However, bogus users would have free reign over their account credit - and potentially further funds, if the user had enabled Skype's automatic credit top-up feature.
Answerphone messages, old text message conversations and sensitive user details would also be available to hijackers.
