There have been two reported cases where Skype and Facebook had their accounts hijacked by the exploitation of logical flaws in their account set-up mechanism.
The security researchers who uncovered these flaws, smartly attempted to combine features available to set-up and reset accounts, to gain full control over their victims account. None of these attacks required coding knowledge or special skills and the attacker did not require the knowledge of secret credentials to gain access to accounts; only email ids or profile names. In both these attacks the owners of the targeted account, had no indication that the hack was underway until they were no longer able to access their account.
photo credit: Rosaura Ochoa via photopin cc