Report: PSN password page exploit found, site pulled [Update]
The PlayStation Network password reset page reportedly suffered an exploit that allowed attackers to change a user's password. Sony has pulled several Web sites for "maintenance."
[Update 12:00 pm] Sony's Patrick Seybold has issued an update, acknowledging the exploit as the reason for the site outages. He says the URL exploit has been fixed internally, and that passwords can still be updated via your PlayStation 3 while you wait for the sites to come back up.
[Original Story] The PlayStation Network password reset page may have suffered a security exploit of its own, leading Sony to pull several sites. The potential issue was pointed out by Nyleveia, and echoed by both Eurogamer and NeoGAF users.
Reportedly, the exploit allowed attackers to change your password using the e-mail address and date of birth associated with your PSN account. Since both pieces of information were compromised in the recent PSN hack, whoever had that data could have changed passwords before Sony pulled the websites. On the bright side, if your password had been changed by someone else, you'd at least be notified via e-mail.
A community moderator for the PlayStation Europe forums noted that PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via web, and PlayStation game title sites have been taken down. You can still sign on with your PS3 and PSP to access online play, if you've already changed your password.
"Unfortunately, this also means that those who are still trying to change their password via PlayStation.com or Qriocity.com will be unable to do so for the time being," said the moderator. "This is due to essential maintenance and at present it is unclear how long this will take."
Nyleveia, which first noted the exploit, claims that Sony took the system down about 15 minutes after receiving a response from Sony Computer Entertainment Europe.
We haven't heard any reports of unauthorized password changes, so if the exploit reports are true, it seems likely that Sony caught it early. We've contacted Sony for comment.
-
Steve Watts posted a new article, Report: PSN password page exploited, pulled.
Kind of an inflammatory headline contradicted by the last paragraph in the report.
It occurs to me that, as they restore services, Sony would be smart to audit every aspect of their network. Doubly smart to get an external entity to audit and then take action accordingly.
This is not a new problem. They've identified a long-standing problem and are being more proactive about it.
:P
PSN users are the beta testers, don't be alarmed, it's standard. Or you console-only people can come to the land of freedom, safety, and security. The PC. http://chattypics.com/files/PC_x9gh3lwvvocrhf9s7d30.jpg
It was just a minor exploit you'd need all that other info just to get their password to reset... Those idiots from Kotaku are some of the worst reporters in the world, they say the site was hacked and it wasn't... Shit like this happens all the time plus everyone's looking for a way to reset their password from a bogus Email so...