Skype suffered a security breach early Wednesday morning, allowing hackers to hijack any of the service's 250 million users' passwords and create a new account, using only an email address.
The international calling company was forced to temporarily shut down its password-reset feature, it said in a blog post.
"This issue affected some users where multiple Skype accounts were registered to the same email address," Skype said in the statement. "We suspended the password-reset feature temporarily this morning as a precaution and have made updates to the password-reset process today so that it is now working properly."
The Next Web reported that it traced the breach back to a Russian hacker site that allowed cyber criminals to crack users' accounts by using their email address to create a new username, tether it to the old one, then change the password for both.
Microsoft, which owns Skype, is now conducting an investigation.
"We are reaching out to a small number of users who may have been impacted to assist as necessary," Skype said. "Skype is committed to providing a safe and secure communications experience to our users and we apologize for the inconvenience."