Sony has taken down a number of its websites, after a new exploit
regarding PlayStation Network usernames and passwords was revealed,
according to media reports.
Signing into PlayStation.com, Qriocity.com and the PlayStation forums
has been suspended until the company has resolved the issue. According to
games site Nyleveia, and backed up by Eurogamer and users at NeoGAF, a
new exploit allowed anyone to reset another user's password with just
their username and date of birth.
The exploit was available via a special page that Sony had set up to
help users change their passwords -- the page has now been taken down.
Unsurprisingly, Sony did not give a specific reason for the suspension
of service on its site, stating via the official PlayStation Twitter,
"This is due to essential maintenance and at present it is unclear how
long this will take."
"In the meantime you will still be able to sign into PSN via your
PlayStation 3 and PSP devices to connect to game services and view
Trophy/Friends information."
It later clarified, "This maintenance doesn't affect PSN on consoles,
only the website you click through to from the password change email."
[UPDATE: A post on the PlayStation blog clarifies that there was "no hack involved" in the password reset page's URL exploit.
The exploit has been fixed and the password reset page should be safe to
use when it goes back online, the company said. PSN users can still
reset their passwords through their PS3s.]
regarding PlayStation Network usernames and passwords was revealed,
according to media reports.
Signing into PlayStation.com, Qriocity.com and the PlayStation forums
has been suspended until the company has resolved the issue. According to
games site Nyleveia, and backed up by Eurogamer and users at NeoGAF, a
new exploit allowed anyone to reset another user's password with just
their username and date of birth.
The exploit was available via a special page that Sony had set up to
help users change their passwords -- the page has now been taken down.
Unsurprisingly, Sony did not give a specific reason for the suspension
of service on its site, stating via the official PlayStation Twitter,
"This is due to essential maintenance and at present it is unclear how
long this will take."
"In the meantime you will still be able to sign into PSN via your
PlayStation 3 and PSP devices to connect to game services and view
Trophy/Friends information."
It later clarified, "This maintenance doesn't affect PSN on consoles,
only the website you click through to from the password change email."
[UPDATE: A post on the PlayStation blog clarifies that there was "no hack involved" in the password reset page's URL exploit.
The exploit has been fixed and the password reset page should be safe to
use when it goes back online, the company said. PSN users can still
reset their passwords through their PS3s.]