New exploit compromises PSN password reset system

A new security concern has arisen barely a day after the PSN went back online

When Sony began restoring the PSN earlier this week - albeit in limited form starting with gaming, music and video services - many believed the end was in sight for the problems facing the network that had seen it offline for nearly a month after the details of 77 million users were stolen. In yet another hiccup for the service, it was revealed yesterday that a hack had surfaced that allowed attackers to change a user's password using the email address linked to the user's account and the user's date of birth - exactly the kind of information that was compromised in the original attack on the service that saw it taken offline in the first place.

After confirming the security flaw, Nyleveia contacted Sony Computer Entertainment Europe (SCEE) and the Web-based PSN login/Password recovery site was taken down "for maintenance." PlayStation Blog is now reporting the "URL exploit" has been fixed and encourages those who haven't already reset their passwords to do so directly on their PS3 while Sony works to get the password recovery website back up - which it says will happen "soon." However, Nyleveia recommends setting up a completely new email account to use only with your PSN account to be on the safe side.

The latest security hole will do nothing to instill confidence in Sony among PSN users, but in an attempt to smooth things over Sony earlier this week announced details of its "Welcome Back" initiative that allows PS3 and PSP users to download a couple of free games as well as getting 30 days free access to the PlayStation Plus premium service. Qriocity subscribers will also receive 30 days free access to that service.

Hopefully the company has now ironed out all the security holes and PSN users can get on with the important business of playing games.

Rocky Stefano
And this is an exploit because?..... Big deal... using information that was stolen? How surprising that you need a date of birth and your email. Things that normally would not have been known until stolen. What kind of exploit is that?
Aj Jensen
You copy the login info, then you have access to credit cards and game downloads.
Gene Jordan
@Rocky ~ this is still an exploit because even without counting the information that was stolen earlier, being able to reset a password with just an email address and date of birth is very weak security in any system. Very little hacking, either social or otherwise, would allow me to discover the email address and date of birth of many people, most of whom I do not know. Those two pieces of information are the easiest to find for just about any person. Sony is going to have to come up with a more secure system for allowing the reset of passwords online.
Matt Rings
Date of birth can easily be found on a Facebook page as public information, and then you can do an email search for that person on Yahoo People search... what lame "security"....