Skype users who are chatting online when their client crashes may later find the last instant message they sent to someone actually ended up with someone else. The privacy bug surfaced after users began reporting strange activity in a community forum.
Today Skype’s Leonas Sendrauskas issued a statement in a blog post acknowledging the flaw, which is expected to be fixed in a few days. It apparently is limited to those users whose Skype client crashes during an IM exchange. Once rebooted, or if the user logs back in as a new user, the last message drafted or sent before the crash is delivered – but to a different contact.
“Although we cannot determine precisely how many users may have been affected by this error, we believe the number is small given the very specific circumstances under which the error occurs,” Sendrauskas said.
The number of impacted users may be small, but the impacted clients are more broad. They include Skype 5.9 and 5.10 for Windows, Skype 5.8 for Mac, Skype 4.0 for Linux, Skype 1.2 for Windows Phone, Skype 2.8 for Android and Skype 4.0 for iOS.
“We urge all Skype customers to download the latest client as soon as they are notified that any update, including this fix, is available,” according to the employee post.
In April, the company, which was bought last year by Microsoft, came under fire for failing to disclose a security vulnerability that allowed for IP snooping. The flaw came to light after someone posted online instructions on a simple script to disclose Skype users’ locations. To minimize risk, impacted Skype users were asked to sign off of the service when not in use.