Sony PSN Password Web Page Suffers Exploit

by on May 18, 2011

Just when things were starting to look up for Sony, another security fear has today arisen for the company. Eurogamer has reported that the PlayStation Network password reset system suffers from an exploit that allows passwords to be changed by attackers using the information compromised in the initial attack on PSN in April, which caused weeks of downtime for the network.

In response to the exploit, Sony quickly responded — to its credit — and users are currently unable to sign into PSN via PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client and all PlayStation game title websites while the exploit is fixed. Users will still be able to sign into PSN on their PlayStation consoles.

This news will unfortunately affect gamers who have yet to change their passwords via the website, as the page  has now been taken down by Sony. Here’s what Sony had to say on the matter:

“Unfortunately this also means that those who are still trying to change their password password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.

In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information”

Website Nyleveia.com first discovered the exploit and it recommends that users change the email linked to their PSN accounts to a new address. You can read what they have to say about the matter in more detail here.

We hope this one is fixed quickly, but as a matter of caution we would also advise that you change the email address connected with your PSN account. We hope to get an official statement from Sony soon clearing up the matter.

[UPDATE] Sony has has just updated users with the following information on the PlayStation Blog:

“We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed…Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up”

Source: Eurogamer