Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.
The issue was first reported by Nyleveia, which was contacted by an unnamed source who reportedly performed the hack on a dummy account, prompting an e-mail message confirming that the password had been changed. Similar reports on gaming forum NeoGAF show an identical situation, in which the user provided the necessary information only to receive two subsequent e-mails: one claiming that someone was attempting to change the account's password and requesting the user click on a confirmation link, and another confirming that the password had been changed.
Nyleveia’s unnamed source demoed this breach to the staff to prove that it is a real threat, and Eurogamer has also seen video evidence that corroborates Nyleveia’s claims. Nyleveia has also passed what it discovered to Sony Computer Entertainment Europe. Since then, a number of sites have become inaccessible for login, including:
PlayStation.com
PlayStation forums
all PlayStation game titles
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
the site where users are directed to reset their passwords
In a brief statement confirming that the PSN has been taken offline, Sony said, “Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.”
The report comes from gaming blog Nyleveia, which posted a warning to PSN users that their passwords might not be safe and contacted Sony about it.
Another blog, Eurogamer, says it confirmed the exploit, which allows someone to reset your password by knowing your e-mail address used for the account and date of birth. That information is known to be among the data belonging to 100 million users of Sony's gaming services that was exposed between April 17 and 19 in the second-largest security breach in U.S. history.
Eurogamer says users who changed the e-mail address connected to their PSN account after PSN was restored this weekend should not be at risk.
Yesterday, speaking to a handful of reporters, Sony CEO Howard Stringer admitted that while the company had rebuilt the security for PSN during the three weeks it was unavailable, no system could be guaranteed "100 percent secure."