New exploit compromises PSN password reset system
When Sony began restoring the PSN earlier this week - albeit in limited form starting with gaming, music and video services - many believed the end was in sight for the problems facing the network that had seen it offline for nearly a month after the details of 77 million users were stolen. In yet another hiccup for the service, Nyleveia.com yesterday revealed a hack had surfaced that allowed attackers to change a user's password using the email address linked to the user's account and the user's date of birth - exactly the kind of information that was compromised in the original attack on the service that saw it taken offline in the first place.
After confirming the security flaw, Nyleveia contacted Sony Computer Entertainment Europe (SCEE) and the Web-based PSN login/Password recovery site was taken down "for maintenance." PlayStation Blog is now reporting the "URL exploit" has been fixed and encourages those who haven't already reset their passwords to do so directly on their PS3 while Sony works to get the password recovery website back up - which it says will happen "soon." However, Nyleveia recommends setting up a completely new email account to use only with your PSN account to be on the safe side.
The latest security hole will do nothing to instill confidence in Sony among PSN users, but in an attempt to smooth things over Sony earlier this week announced details of its "Welcome Back" initiative that allows PS3 and PSP users to download a couple of free games as well as getting 30 days free access to the PlayStation Plus premium service. Qriocity subscribers will also receive 30 days free access to that service.
Hopefully the company has now ironed out all the security holes and PSN users can get on with the important business of playing games.