PSN Password Reset Exploit Discovered; Web-Based Sign-In Services Taken Offline


Posted May 18, 2011 - By Jake Gaskill

  • News
  • Previews
  • Review
  • Videos
  • Screenshots
  • Cheats and Walkthroughs

  • News
  • Previews
  • Review

PSN Password Reset Exploit Discovered; Web-Based Sign-In Services Taken Offline

UPDATED 11:25am PST: Sony's Patrick Seybold just posted the following update on the official PlaStation Blog:

"We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."

Original story follows:

Sony’s PlayStation Network has once again been compromised after an exploit was discovered in the newly launched password reset system that was recently brought online as part of Sony’s PSN relaunch.

According to Eurogamer, cyber attackers were able to use this exploit to change user passwords and potentially compromise user accounts. In order to do so, hackers would need to know a user’s E-mail address and date of birth, which would normally be a bit of a stumbling block, but as millions of PSN users are intimately aware, these pieces of information were among those that were stolen during the historic PSN attack that took place last month.

To prevent further damage, Sony has pulled the plug on PSN sign-in portals across its various websites, including PlayStation.com and Qriocity.com, however, as Sony told Eurogamer, “In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”

The exploit was first discovered by a poster at Nyleveia, who promptly contacted Sony about the issue. It took Sony several hours to respond to the message, but it was reported that the sign-in services were taken offline 15 minutes after Sony responded to the original notice.

Sony is reportedly addressing the exploit, but in the meantime, Nyleveia recommends changing the E-mail address associated with your PSN account just to be safe, assuming that isn't a huge hassle for you or anything.

Over the weekend, Sony announced that the PlayStation Network was going to be restored in a series of phases starting with a mandatory password change. The first thing to be restored was online gaming for the PlayStation 3, and things like purchasing stuff from the PS Store will be available sometime in the future.

Once the PSN went back up, Sony revealed its "make good" offer to consumers: free games, movies, PlayStation Plus access, and free stuff for the PlayStation Home. The games include Dead Nation, inFAMOUS, LittleBigPlanet, Super Stardust HD and Wipeout HD + Fury.

PSN Password Reset Exploit Discovered; Web-Based Sign-In Services Taken Offline


Blog Tags

  • International Sexy Ladies Show: Messy Cat Fight

    Posted: January 27, 2010

    644,696 Views | 00:49

  • Sara Underwood's Naked Bike Ride

    Posted: June 22, 2011

    1,316,284 Views | 05:20

  • Laser Snake Robots, More Mars Rovers and BigDog Is Back

    Posted: September 25, 2012

    1,290 Views | 03:00

  • NBA 2K13 Launch Trailer

    Posted: October 4, 2012

    5,601 Views | 01:53

  • Casual Vomiting - Web Soup Investigates

    Posted: March 30, 2011

    7,570 Views | 02:52