Well, Crap... Sony's Password Reset System Has Been Compromised
Posted by Giant Bomb May 18 2011 15:21 GMT in Infamous
In case you were betting on how long it was going to take for something to go wrong on the PSN after it began to come back online last weekend, those of you who bet on "five days or less" win the door prize. Congratulations: you get a free copy of inFamous, and your password stolen again.

Late last night, Nyleveia discovered--and users on NeoGAF have verified--that Sony's online password reset system--specifically, the web-based version on sites such as PlayStation.com and Qriocity.com--has a rather nasty exploit in it that allows any would-be hacker to simply reset your account password provided they know your PSN account email and your date of birth. That's it. Entering that info apparently lets anyone who knows the exploit reset your password and access your account. On the plus side, you'll get an email sent to you notifying you that your password has been reset. So that's awesome.

Not long after this was reported, Sony took all of its web-based login systems down, and as of this writing, there is no specific update as to how long this fix will take to put into place. The official SCEE Twitter account noted this morning that "this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email." So, to clarify, you can still log in on your console and play games online via PSN. You just can't use any of the web-based login sites until Sony fixes this exploit.

Nyleveia suggested that users create an entirely new email address for their PSN accounts, one not associated with any other online accounts, in order to be absolutely safe. Because that's where we're at now. We're creating all new accounts just to be able to safely log into the PlayStation Network. I really hate the Internet sometimes.
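
The reset flaw reported above comes down to what the server accepts as proof of account ownership. As an added example (not Sony's code and not a reconstruction of the PSN systems; the class, method and field names are hypothetical), this contrasts a check that accepts email and date of birth alone with one that requires the single-use, expiring token mailed to the account's address.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed policy)


class ResetService:
    """Hypothetical reset-authorisation logic; all names are illustrative."""

    def __init__(self):
        self.accounts = {}  # email -> {"dob": "YYYY-MM-DD"}
        self.pending = {}   # email -> (sha256 of token, expiry timestamp)

    def request_reset(self, email, now=None):
        """Issue a one-time token; returned here instead of being emailed."""
        now = time.time() if now is None else now
        if email not in self.accounts:
            return None
        token = secrets.token_urlsafe(32)
        # Store only a hash so a leaked table does not yield usable links.
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[email] = (digest, now + TOKEN_TTL)
        return token

    def weak_authorize(self, email, dob):
        """Flawed pattern: guessable personal data alone approves the reset."""
        acct = self.accounts.get(email)
        return acct is not None and acct["dob"] == dob

    def authorize(self, email, token, now=None):
        """Hardened: approve only with the unexpired, unused mailed token."""
        now = time.time() if now is None else now
        # pop() consumes the entry on any attempt: no replay, no second guess.
        entry = self.pending.pop(email, None)
        if entry is None or not token:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        return now <= expiry and hmac.compare_digest(digest, supplied)


if __name__ == "__main__":
    svc = ResetService()
    svc.accounts["user@example.test"] = {"dob": "1990-01-01"}  # constructed
    print("email + DOB only:", svc.weak_authorize("user@example.test", "1990-01-01"))
    print("no token        :", svc.authorize("user@example.test", ""))
    link_token = svc.request_reset("user@example.test")
    print("mailed token    :", svc.authorize("user@example.test", link_token))
    print("token replayed  :", svc.authorize("user@example.test", link_token))
```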


