UPDATE: Sony claims the exploit has been fixed and pushed back on reports of an additional hack.
"We temporarily took down the PSN and Qriocity password reset page," said senior director of corporate communications and social media Patrick Seybold on the PlayStation Blog. "Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."
--
In case you were betting on how long it was going to take for something to go wrong on the PSN after it began to come back online last weekend, those of you who bet on "five days or less" win the door prize. Congratulations: you get a free copy of inFamous, and your password stolen again.
== TEASER == Late last night, Nyleveia discovered--and users on NeoGAF have verified--that Sony's online password reset system--specifically, the web-based version on sites such as PlayStation.com and Qriocity.com--has a rather nasty exploit in it that allows any would-be hacker to simply reset your account password provided they know your PSN account email and your date of birth. That's it. Entering that info apparently lets anyone who knows the exploit reset your password and access your account. On the plus side, you'll get an email sent to you notifying you that your password has been reset. So that's awesome.
Not long after this was reported, Sony took all of its web-based login systems down, and as of this writing, there is no specific update as to how long this fix will take to put into place. The official SCEE Twitter account noted this morning that "this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email." So, to clarify, you can still log in on your console and play games online via PSN. You just can't use any of the web-based login sites until Sony fixes this exploit.
Nyleveia suggested that users create an entirely new email address for their PSN accounts, one not associated with any other online accounts in order to be absolutely safe. Because that's where we're at now. We're creating all new accounts just to be able to safely log into the PlayStation Network. I really hate the Internet sometimes.
265 Comments