Home > News, Playstation 3 > PSN password-reset system compromised

PSN password-reset system compromised


Just a few days after the PSN restoration begun and already there is another problem surfacing.

From GameSpot;

Multiple sources report Web-based method for creating new login info can be hacked with a user’s e-mail and date of birth.

What we heard: Just five days after the PlayStation Network started coming back online, reports are surfacing of a new security flaw with the online systems. Based on an initial article on gaming blog Nyleveia.com that was reportedly confirmed by NeoGAF users and Eurogamer, hackers have discovered a new, simple exploit to change PSN users’ passwords.

The PSN’s Web-based password reset service appears to have been compromised.
The exploit is reportedly done via the Web pages Sony set up to facilitate the mandatory password changes required in the wake of the three-week PSN outage. All that is reportedly needed to perform the exploit is a PSN user’s email account and date of birth, which is among the data that was reportedly stolen from all 77 million PSN and Qriocity users last month. The exploit reportedly does not affect those trying to change their passwords on the PlayStation 3 or PSP, both of which can still access the PSN.

The official story: Though Sony Computer Entertainment America reps had not commented as of press time, a moderator on the European PlayStation.com forums offered the following information:

“Hey Guys,

Please note that PSN sign in is currently unavailable for the following services:

PlayStation.com
PlayStation forums
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
All PlayStation game title websites
Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.

In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”

Bogus or not bogus?: Not bogus that the PSN password reset page that PlayStation.com directs users to is “currently down for maintenance.”

Meanwhile, Nyleveia.com has reportedly performed the exploit multiple times with multiple volunteers’ PSN accounts. Several websites have also posted detailed instructions on how to perform the exploit, so this also looks not bogus.

Advertisements
  1. faisal
    May 19, 2011 at 7:49 pm

    FUCK YOU SONY!!!!

  2. Flakylakes
    May 19, 2011 at 7:59 pm

    what duh fuck!

  3. September 1, 2014 at 4:26 pm

    Every weekend i used to pay a quick visit this web
    site, for the reason that i want enjoyment, since this
    this web site conations really nice funny data too.

  4. September 14, 2014 at 5:48 am

    Hello! I’mat work browsing your blog from my new iphone 4!

    Just wanted to say I love reading your blog and look forward to all yor
    posts! Carry on the superrb work!

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s