Paramount Plus Marvel's Loki release date Spider-Man 3 title Control Spot robot online Powerball $90M drawing Wednesday Third stimulus check rules

Sony takes sites down after log-in exploit found

An exploit that allows hackers to change PlayStation Network passwords was discovered this morning and posted on a blog. Sony has since taken some Web sites down to fix the problem.

The sign-in for PlayStation Network on the Web was out of service this morning. Screenshot by Erica Ogg/CNET

Just days after most services for PlayStation Network were brought back online, it appears a new exploit has been discovered that allows hackers to change users' passwords with the data stolen during the break-in to the service last month.

The Web sites that allow PSN users to sign in and reset their passwords have since been taken offline, as the graphic above from shows. This problem reportedly does not affect the ability to sign in via a PlayStation 3 or PlayStation Portable, just some Sony Web sites.

The report comes from gaming blog Nyleveia, which posted a warning to PSN users that their passwords might not be safe and contacted Sony about it.

Another blog, Eurogamer, says it confirmed the exploit, which allows someone to reset your password by knowing your e-mail address used for the account and date of birth. That information is known to be among the data belonging to 100 million users of Sony's gaming services that was exposed between April 17 and 19 in the second-largest security breach in U.S. history.

Eurogamer says users that changed the e-mail address connected to the PSN account after PSN was restored this weekend should not be at risk.

Yesterday, speaking to a handful of reporters, Sony CEO Howard Stringer admitted that while the company had rebuilt the security for PSN during the three weeks it was unavailable, no system could be guaranteed "100 percent secure."

Update 11:12 a.m. PT: Sony spokesman Patrick Seybold wrote today in a blog post that Sony "temporarily took down the PSN and Qriocity password and reset page." There was "no hack," he emphasized, but a "URL exploit that we have subsequently fixed."

At the time of this update, and log-in pages were still inaccessible.