Giant Bomb News

265 Comments

Well, Crap... Sony's Password Reset System Has Been Compromised [UPDATED]

Sony takes down its web-based login/password access points to fix an exploit--console-based systems currently unaffected.

UPDATE: Sony claims the exploit has been fixed and pushed back on reports of an additional hack.

"We temporarily took down the PSN and Qriocity password reset page," said senior director of corporate communications and social media Patrick Seybold on the PlayStation Blog. "Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."

--

In case you were betting on how long it was going to take for something to go wrong on the PSN after it began to come back online last weekend, those of you who bet on "five days or less" win the door prize. Congratulations: you get a free copy of inFamous, and your password stolen again.

Late last night, Nyleveia discovered--and users on NeoGAF have verified--that Sony's online password reset system--specifically, the web-based version on sites such as PlayStation.com and Qriocity.com--has a rather nasty exploit in it that allows any would-be hacker to simply reset your account password provided they know your PSN account email and your date of birth. That's it. Entering that info apparently lets anyone who knows the exploit reset your password and access your account. On the plus side, you'll get an email sent to you notifying you that your password has been reset. So that's awesome.

Not long after this was reported, Sony took all of its web-based login systems down, and as of this writing, there is no specific update as to how long this fix will take to put into place. The official SCEE Twitter account noted this morning that "this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email." So, to clarify, you can still log in on your console and play games online via PSN. You just can't use any of the web-based login sites until Sony fixes this exploit.

Nyleveia suggested that users create an entirely new email address for their PSN accounts, one not associated with any other online accounts in order to be absolutely safe. Because that's where we're at now. We're creating all new accounts just to be able to safely log into the PlayStation Network. I really hate the Internet sometimes.
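
As reported above, knowing an account's email and date of birth was enough to authorise a reset. The Python below is an added example, not Sony's code and not from the original article; the `ResetService` class, its method names and the token lifetime are hypothetical. It puts that check beside a reset that instead requires a single-use, expiring token delivered to the account's mailbox.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 900  # seconds a reset token stays valid (constructed value)

class ResetService:
    """Hypothetical account store; a real one keeps password hashes, not passwords."""

    def __init__(self, accounts):
        self.accounts = accounts  # email -> {"dob": str, "password": str}
        self.pending = {}         # email -> (sha256 of token, expiry time)
        self.outbox = []          # stands in for the outgoing mail queue

    def weak_reset(self, email, dob, new_password):
        """The reported flaw: two facts an outsider can learn authorise the change."""
        acct = self.accounts.get(email)
        if acct is not None and acct["dob"] == dob:
            acct["password"] = new_password
            return True
        return False

    def request_reset(self, email, now=None):
        """Step 1: mail a random token; the reply is the same for unknown addresses."""
        now = time.time() if now is None else now
        if email in self.accounts:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[email] = (digest, now + TOKEN_TTL)  # only the hash is stored
            self.outbox.append((email, token))
        return "If that account exists, a reset link has been sent."

    def complete_reset(self, email, token, new_password, now=None):
        """Step 2: only the unexpired token from the mailbox authorises the change."""
        now = time.time() if now is None else now
        entry = self.pending.get(email)
        if entry is None:
            return False
        digest, expiry = entry
        if now > expiry:
            del self.pending[email]
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, digest):
            return False
        del self.pending[email]  # single use: a replayed link fails
        self.accounts[email]["password"] = new_password
        return True
```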

Alex Navarro on Google+
Posted by Alex

Staff
Edited by Crono11

Really?  


Come on Sony
Edited by Beauty

yeah, exactly

Posted by ptc

unbelievable!

Posted by boylie

OH FOR FUCK'S SAKE

Posted by endaround

Sony's Top Men?  Yeah not so much with the Top part.

Posted by Sparky_Buzzsaw

Well, that's just a fantastic early morning "how do you do?"

Moderator
Posted by PhatSeeJay

For the love of!!

Posted by Microshock

Hackers are real pieces of shit, aren't they. No-life basement dwelling losers that have nothing to do but to fuck people's shit up.

Posted by dvdhaus

Well I'm gonna call it. Sony will trot out whatever they have ready of their "new system" at E3, and start the ball rolling on it.  Think about it, what else do they have to lose.

Posted by Gumby

I wonder what it's like in the Sony offices right now...

Posted by JohnPaulVann

Stop race-hating on Sony! This could happen to anybody. The only reason any one is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise. 

Posted by HarrySound

Ok....GET OUT OF MY OFFICE!

YOU'RE FIRED!
Posted by Dante_the_Jedi

This is just getting too funny now.

Posted by captain_clayman

OH JESUS CHRIST SONY.


MAKE YOUR SHIT GOODER
Posted by metalsnakezero

Well at least we're good on the consoles.

Posted by BonOrbitz
Posted by boylie
@JohnPaulVann said:
Stop race-hating on Sony! This could happen to anybody. The only reason any one is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise. 
Yes, this is happening because of racism. Good on you for cutting through all this and getting right down to the ISSUES.
Posted by Tally_Pants

This is ridiculous! But oh well... my PS3 is my primary gaming console, but I play offline 99% of the time anyway, I only go online to buy things from the store to then play them offline lol

Posted by ptc
@JohnPaulVann said:
Stop race-hating on Sony! This could happen to anybody. The only reason any one is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise. 
Sony Defense Force - ENGAGE!
Posted by thegoldencat7

Ouch.
Posted by Woodwater

Ha!


That is all.
Posted by FlemmingM

Well.. at least it's only your friends who could really fuck with you, on that exploit...

Posted by SmashingTimes

 typical

Posted by PhatSeeJay
@ptc said:
@JohnPaulVann said:
Stop race-hating on Sony! This could happen to anybody. The only reason any one is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise. 
Sony Defense Force - ENGAGE!
It's one person! There's too many of them! Abort operation "race hate"! Abort!
Posted by familyphotoshoot

LMAO.

Posted by Luck3ySe7en

I just used the damn web-based password reset last night >.<  I thought it was weird that all they asked for was a date of birth, hell, you can figure that out from anyone's Facebook.  Throw in some security questions, sony-cakes.

Posted by Yummylee

...AAAAAAAAAAAAAAAAHAHAHAHAHAHAHAHAHAHAHAHAHA

Edited by UsbCable

Yay awesome! My biggest problem with this breach was that they got basically everything needed to call in to a company and confirm themselves as anyone on that list. Name/address is all most places ask for and if they ask for your email, number, DOB, secret question or last four of your card, they have that also. If someone isn't on top of their poop and uses the same info across the internet then it'll cause problems if these hackers ever use the info, a lot of the stolen info can't even be changed. I'm over it but it's still a bit frustrating.....


Edit: There should really be an edit button on the mobile version of the whiskey sites, I always submit a comment early by mistake...... :'(
Posted by UnsolvedParadox
Astonishing, exposing the reset token like that...incredibly bad security and planning.

@JohnPaulVann said:     

Stop race-hating on Sony! This could happen to anybody. The only reason any one is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise. 

Are you seriously accusing the Giant Bomb community (and gamers in general) for being unhappy about consecutive security breaches of our info because we're racists?
Posted by DG991

That isn't that bad.

Posted by JEC03

E3 should be hilarious.

Posted by fox01313

Imaginary magic 8-ball is not surprised. Still sucks for Sony & hope they get this all figured out soon.

Posted by DedBeet

Sony's attempt at 2 factor authentication:  birth date + email address.

Posted by Taklulas

Sooooo ....about those free games.

Posted by Blunt

You know what I liked about game consoles 20 odd years ago? If shit was broke you just blew in the cartridge.

Posted by Khann

So much for security experts, huh?

Posted by RecSpec

Fucking bring the store back already Sony

Posted by Underachiever007
@JohnPaulVann said:
Stop race-hating on Sony! This could happen to anybody. The only reason any one is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise. 
Can't tell if this guy's being sarcastic.
Posted by super2j
@JohnPaulVann: Look, I'm not one to take sides with Xbox...ever. But at this point any more problems like this can't be ignored, and it's irrelevant if it's Sony's fault or not.

If you are on a bus and the bus driver gets into the accident because of the condition of the bus, you would most likely understand and not give him a problem about being late. But if said driver fixes the bus and then assures you it's working only to have it break down 500 meters from where you started....you may not be as understanding. Does not matter if he ran out of gas (i.e. different reason from stopping), you just see that he is inconveniencing you again.
Posted by MechaEspio

*le sigh*

I reset my password five hours ago. Son of a bitch.

Edited by AmericanNinja

Wow people panicking over nothing again. move on guys.

Posted by DedBeet
@JohnPaulVann said:
Stop race-hating on Sony! This could happen to anybody. The only reason any one is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise. 
Exactly!  No one talked about the RROD so much that Microsoft was forced to extend the 360 warranties to 3 years costing them 1 billion dollars.  
Posted by Matiaz_Tapia

The thing about misleading titles is that it lets you know who actually read the article and who's only reacting.


Read. Realize it's not as big of a deal as you think it is, move on with your day.
Posted by Pinworm45
rofl.
Posted by Spekingur

Oh, Sony.

Posted by Device

Face + palm...much?

Posted by bhhawks78

Glad I dumped my ps3 when sony took a week to tell me my info had been stolen.  Anyone who gives them info or $ is a sucker

Posted by Quipido

Dude!!

Posted by L

ROUND TWO DING DING
