The hack has reportedly been known for some months among Russian underground forums, but became more widely public on Wednesday.
Anyone who has received an email asking them if they want to reset their Skype password should check that it has not been taken over – and should reset the password themselves using the account details they have if so. However, captured accounts may have had their primary emails changed by any hackers who have grabbed them.
Skype, which was acquired by Microsoft in May 2011 for $8.5bn (£5.3bn), has more than 600 million registered users, and regularly sees more than 45 million online at any time.
The step-by-step explanation of how to hack the accounts was posted on a blog early on Wednesday, and gave simple instructions which used the "disposable account" facility offered by Skype to take control of existing accounts.
The key flaw is a web page in the password reset system, to which a token is also sent when a password reset request is made. That page allowed people to reset a password without having access to the email account itself. No email systems have been hacked.
Gaining control of a Skype account could let hackers use any credit to make calls, though the broader use is unclear. There are no details so far about how many accounts may have been hacked.
Skype moved quickly to block the hole, and said in a statement: "We have had reports of a new security vulnerability issue. As a precautionary step, we have temporarily disabled password reset as we continue to investigate the issue further. We apologise for the inconvenience, but user experience and safety is our first priority."
Microsoft is looking to integrate Skype and its Windows Live Messenger system in the next few months, pulling the instant messaging clients into Skype.
guardian.co.uk © Guardian News and Media Limited 2010
The Guardian
@guardianmore stories from The Guardian
Latest news, sport, business, comment, analysis and reviews from the Guardian, the world's leading liberal voice.
The Alchemists: Three Central Bankers and a World on Fire
Hubris: How HBOS Wrecked the Best Bank in Britain
Apple Chief Calls on US Government to Slash US Corporate Tax
Yahoo Now Needs Execution
Marissa Mayer Announces Yahoo Tumblr Acquisition Via Animated GIF
Facebook's IPO Put Chill On VC Spending, Tech IPOs
Fascinating Facts About The Human Brain
You'll Like This - The Excuse Creator
London in 1927 - Amazing Colour Video
Cats That Look Like Pin Up Girls
