Sony takes sites down after log-in exploit found
An exploit that allows hackers to change PlayStation Network passwords was discovered this morning and posted on a blog. Sony has since taken some Web sites down to fix the problem.
Just days after most services for PlayStation Network were brought back online, it appears a new exploit has been discovered that allows hackers to change users' passwords with the datato the service last month.
The Web sites that allow PSN users to sign in and reset their passwords have since been taken offline, as the graphic above from PlayStation.com shows. This problem reportedly does not affect the ability to sign in via a PlayStation 3 or PlayStation Portable, just some Sony Web sites.
The report comes from gaming blog Nyleveia, which posted a warning to PSN users that their passwords might not be safe and contacted Sony about it.
Another blog, Eurogamer, says it confirmed the exploit, which allows someone to reset your password by knowing your e-mail address used for the account and date of birth. That information is known to be among the data belonging to 100 million users of Sony's gaming services that was between April 17 and 19 in the second-largest security breach in U.S. history.
Eurogamer says users that changed the e-mail address connected to the PSN account after PSN was restored this weekend should not be at risk.
Yesterday, speaking to a handful of reporters, Sony CEO Howard Stringer admitted that while the company had rebuilt the security for PSN during the three weeks it was unavailable,
Update 11:12 a.m. PT: Sony spokesman Patrick Seybold wrote today in a blog post that Sony "temporarily took down the PSN and Qriocity password and reset page." There was "no hack," he emphasized, but a "URL exploit that we have subsequently fixed."
At the time of this update, PlayStation.com and Qriocity.com log-in pages were still inaccessible.