advertisement

Report: PSN password page exploit found, site pulled [Update]

by Steve Watts, May 18, 2011 9:15am PDT

[Update 12:00 pm] Sony's Patrick Seybold has issued an update, acknowledging the exploit as the reason for the site outages. He says the URL exploit has been fixed internally, and that passwords can still be updated via your PlayStation 3 while you wait for the sites to come back up.

[Original Story] The PlayStation Network password reset page may have suffered a security exploit of its own, leading Sony to pull several sites. The potential issue was pointed out by Nyleveia, and echoed by both Eurogamer and NeoGAF users.

Reportedly, the exploit allowed attackers to change your password using the e-mail account and date-of-birth associated with your PSN account. Since both pieces of information were compromised in the recent PSN hack, whoever had that data could have changed passwords before Sony pulled the websites. On the bright side, if your password had been changed by someone else, you'd at least be notified via e-mail.

A community moderator for the PlayStation Europe forums noted that PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via web, and PlayStation game title sites have been taken down. You can still sign on with your PS3 and PSP to access online play, if you've already changed your password.

"Unfortunately, this also means that those who are still trying to change their password via PlayStation.com or Qriocity.com will be unable to do so for the time being," said the moderator. "This is due to essential maintenance and at present it is unclear how long this will take."

Nyleveia, which first noted the exploit, claims that Sony took the system down about 15 minutes after receiving a response from Sony Computer Entertainment Europe.

We haven't heard any reports of unauthorized password changes, so if the exploit reports are true, it seems likely that Sony caught it early. We've contacted Sony for comment.




Comments

See All Comments | 1 Thread | 31 Comments*