Hacker Newsnew | comments | show | ask | jobs | submit login

After successfully exploited this on my own account, tried again with my SO's account and https://login.skype.com/account/password-reset-request has been blocked. Pretty good emergency reaction.

It should be noted that after my account password is changed, I tried to login with the old password, the Windows Skype app told me the username and password combination is wrong but it still let me logged in. This may be a different bug in caching?

Hope we can get a postmortem report out of this...




Apparently, https://login.skype.com/account/password-automation still works.

-----


It only works if the account had a credit card on file and/or made purchases in the past. Unless you know the credit card number or the purchase ticket number, this link isn't much help.

Can't believe Skype has been ignoring this issue up until in got to the top of Hacker News and HabraHabr.

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: