Emil Protalinski for The Next Web – Security hole allows anyone to hijack your Skype account using only your email address:
We reproduced the attack, step-by-step, and managed to access the Skype accounts of TNW writer (with permission) Josh Ong (as well as editor Matt Brian to verify again) with only their email addresses. Essentially, that email address is used to create a new account with your own email address tied to it. Then, minus a couple of key steps, you can use a password reset token to gain access to your target’s account.
You better change your email to an address nobody knows. Hint: Gmail supports the + operator in addresses. So yourusername+totallysecretaddition@gmail.com arrives at yourusername@gmail.com.
Update:
The Verge reports that Microsoft is disabling password resets.