Hello. My friend has just lost his password. He can't log on skype anymore. Unfortunately he had some money on skypout. Don't wait. Also he can't remember if he ever loged on share.skype.com so risk is even bigger.

I got the same e-mail for my main Skype account! Ididn't receive other e-mails for other accounts i have (i only registered with my main account name on the "share Skype" blog. I agree this is a big nuisance and scary :-( , although they try to reassure!
I am indeed angry! And you are right: those who didn't register with an e-mail address, or who "lost" the e-mail address for any reason (e-mail account cancelled for instance) will also lose the username and credit! Unless Skype has a solution for this!

I got the same email from Skype. And until I read this post, didn't really look at it. When I read this, I hurried over and changed my password but the the promised new password hasn't arrived. Am afraid to log off Skype as I will be stuck. Hope my SkypeIn and SkypeOut credit doesn't vanish. This is nuts. Skype is probably overwhelmed by the number of requests and hasn't been able to respond to all ... am hoping.

Why some users got a password change

Skype has a standard for storing all Skype user credentials and we've just completed an audit our platforms to make sure that all systems meet that standard. One of the elements of this standard is that all user password authentication must be done by a central system that employs a single uniform password encryption and storage methodology.

If any of our service platforms want to use Skype usernames as the basis for identity, they must use that central authentication system. By using the central system, we believe that we can best protect our users' privacy.

Our audit showed that the only one system in our services infrastructure stored encrypted user passwords outside of our core authentication system, and this was the "share" site. The "share" site stored encrypted user passwords, too, but should have used the central system to do all authentication.

However, because passwords for users of the "share" site were stored in a different encrypted format than that which we set as our standard, I directed our operations team to eliminate the parallel storing of encrypted passwords, to consolidate the authentication systems, and to require users to change their passwords to ensure that stored passwords are always stored securely.

As of this morning (30 November 2005), we had consolidated all authentication in one place and eliminated the parallel storing of encrypted passwords. With that task completed, we then began the process of notifying users and requiring password changes for users.

How we're dealing with the problems

The password changes affect less than 1% of Skype's registered users and its implementation enhances the security of Skype users and of Skype's service offerings. But we know that some users have had problems resetting their passwords as a result of this authentication migration. Our customer service team (http://support.skype.com) is aware of these issues and stands ready to assist people who have had these kinds of problems.

Because of this experience, as well as suggestions received by users, we are working on a number of longer-term solutions to make password management better and more robust.

Kurt Sauer
Head of Security Operations
Skype Technologies, S.A.

Every service has to do this now and then. What bothers me is the way they did it. I was blindsided.

I received a SkypeIn voicemail last night (from the UK while I was sleeping in California). I clicked to return the call and Skype killed my 15 open chats, logged me out. I missed a scheduled press interview, and connecting with various team members because of this lockout. I was at the gate to Skypeland for an hour. Frustrating. And scary like you said.

I got locked out too, had to request a new password