Numerous reports today have indicated that a newly-discovered vulnerability allows for PlayStation Network account passwords to be changed with a minimal amount of effort. Through a fairly simple process, anyone who knows an account’s e-mail address and the owner’s birth date is able to reset the account’s password. That’s very worrying after this information (and more) was leaked as a part of last month’s breach, particularly in light of Sony’s renewed focus on security following the attack. Earlier today Sony took down the password reset page for PSN and Qriocity, allegedly in response to the exploit.
Sony’s Senior Director of Corporate Communications & Social Media, Patrick Seybold, told 1UP that it did indeed take down the PSN and Qriocity password reset page as a result of the issue. “We temporarily took down the PSN and Qriocity password reset page,” Seybold said. “Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.” Sony is still encouraging users to reset their PSN passwords on their PS3 or through the website once it’s returned.
Website Nyleveia first learned of the problem and contacted Sony Computer Entertainment Europe to inform it of the issue. It was after this that Sony took down certain sign-in services. This includes the website users are being directed to change their passwords on as a part of the mandatory firmware update Sony recently released as it brought PSN back online.
