Sony just can’t win. As the company tries to roll out the new and improved PlayStation Network after nearly a month of downtime, it’s been shown that the password reset system suffers from a nasty exploit.
An attacker simply needs your PSN account email and your date of birth to change your password and access your account – and, you guessed it, that information was compromised in last month’s attack on the data centre.
The company reacted quickly, making PSN sign-in unavailable for its websites (including PlayStation.com and the PlayStation forums), and setting all PlayStation games to unavailable. All password reset emails point to a website that is also offline.
Sony has commented:
“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.
“In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”
To confirm – this “essential maintenance” does not affect gamers who have already changed their emails, or PSN on consoles. If you’re not in yet though, you might be waiting a while.
[surl=http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/]Nyleveia.com[/surl] first posted about the exploit, suggesting:
“I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email.
“You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.”
Other sites around the internet have backed up the claim, while Nyleveia claims to have contacted Sony about the exploit. Sony was unavailable for comment.
playerattack News is a once-a-week wrap up of the biggest news to hit the pages of playerattack. If you’d like to subscribe, you can do that via RSS feed, through iTunes, or if you’d prefer, subscribe to our YouTube channel.