"... to simply reset your account password provided they know your PSN account email and your date of birth.
PlayStation Network (PS3)
The PlayStation Network is the online service by Sony Computer Entertainment, providing downloads of games, trailers, themes and much more. The service is free, but also offers a paid version for various benefits.
Well, Crap... Sony's Password Reset System Has Been Compromised [UPDATED]
Jack Trenton now has every possible sleeve rolled up.

I'm sure even he is rolling his eyes at PSN at this point.

If you can't make a secure login system in 2011, you are either lazy or stupid.

@JohnPaulVann: racism or no racism, you are right that this could happen to anyone. I can't believe so many gamers are up in arms about this, but instead of being angry at the hackers all they care about is bitching about Sony.
This could definitely not happen to anyone, and it especially shouldn't to a billion dollar tech company like Sony.

"... to simply reset your account password provided they know your PSN account email and your date of birth.

@Donos said:

So what? Password reset by submitting email is on every web site login ever.
Isn't this how password reset works for just about anything? You enter your login username, and an email is sent to whatever email account is associated with that username. It just so happens that for PSN, your username is your email account.

They could just make it so the password isn't reset until you hit a password reset link in that email, though that would be more open to phishing scams.

I don't see much reason to be mad at Sony for doing the exact same thing as every other account-based online service.

Edit: Hell, the Giant Bomb password reset works the same way. Breaking news, Giant Bomb's password reset system has been compromised!!!

@teekomeeko said:
It took likely years to build the network to begin with, and they had no choice but to build it again in like a month. Whoever didn't see a weird exploit coming is out of their minds.

Man I love it when other people do my work for me.

The simplicity of the password reset was necessary because the interwebs confuses too many people, but coincidentally that type of thing is what MOST password resets I've ever had to do use (I think Amazon has it fairly simple, too, and my credit card info is all over that bitch), so pretty much most of the internet is vulnerable to this type of account theft.
Hackers are real pieces of shit, aren't they? No-life basement dwelling losers that have nothing to do but to fuck people's shit up.

They didn't even gain anything out of this! They're just deliberately being dicks to millions of people for no reason. The only reason I could think of is that they're upset with the GeoHotz thing, so they did this hoping that people wouldn't read into it and would just get mad at Sony. And you know what? It's fucking working! Yes, Sony deserved what was coming to them, they needed to fix their security issues, but the innocent PS3 owners should not have been involved in any way.
I'm really rooting for Sony this E3. This was supposed to be their year and it still can be.
That's pretty stupid on Sony's part. All you need is a password reset system in which it asks for your e-mail address, it checks if that e-mail address is in the system and then sends you an e-mail with a temporary password. You use that password to log in, and the first thing it should do after logging in is to change the password.
@warmonked said:

I think the biggest thing is that the info that leaked in the first place was the user base's e-mail addresses and DOBs, something Sony probably should've put into consideration before rolling out PSN again. They should've known they'd be under scrutiny for the slightest crack in the armor.
Man. That sign on the door at Sony that says "It has been _ days since we had a hacker incident." seems to be getting a work out lately.
I like how this means that everyone who said "Japan is an asshole for not letting Sony bring their service up there" gets to eat a dick. Turns out Japan was smart waiting for other countries to find the really stupid security errors before accepting Sony knowing what's right for them.
Once again an article proves the theory that 90% of internet users never read the story, just the dramatic headlines.
Engadget is reporting that it's not a password reset, but it actually allowed you to enter a new password as well. If true, that was not obvious in this news post.

Those that have read the story realise this is not a big deal - and that those details are pretty much used in this way by nearly every site on the net (giantbomb included).

Everyone else continue panicking and screaming to get your internet fanboy e-boner high and proud now that you have something to either rage about - or laugh about - which in the latter case just makes you an asshole, because if this WAS a major serious issue, it would not be a laughing matter for those affected.
Yeah people are kinda overreacting in the comments here. All that really came of this was a (hopefully) fixed exploit and some downtime on their web-based login stuff.
This would affect me more if I actually used my PS3 for anything other than movies. I haven't played a game on my PS3 in months! Lucky for me, I guess? A console I never use? Ugh.
Stop race-hating on Sony! This could happen to anybody. The only reason anyone is talking about it is because Sony is Japanese. The RROD was infinitely worse than the PSN failure but nobody made even one tenth as much noise.

Last I heard, if my Xbox red rings, it doesn't compromise my bank account.
Why are you people still replying to that really boring troll?
VVV seriously how dumb are you VVV
Seems like more of an oversight than a real hack. Someone probably should've thought about the fact that hackers had your date of birth and email before that's all they required for a password reset, but since they locked password resets to your original PS3 (not a bad move, really) I'm not sure how they could've solved having a web-based solution. The hackers have access to all the information Sony had access to, other than maybe sending a temporary password through email (provided you weren't stupid enough to leave your email password the same.)