[Update] Sony Computer Entertainment has released an official statement on the web-based password reset functionality, assuring us that no “hack” took place, but an exploit in the online process has been fixed. Get the full thing below. [End of Update]
Will Sony’s luck never turn?
Just days (and in some cases, a day) after Sony was able to bring its PlayStation Network service back to life following three weeks of inactivity, reports are doing the rounds that the online password reset system (used to allow PSN members to get back into the network) has been compromised.
According to these reports, anyone with knowledge of your email address and date of birth is able to log in as you and change your password, thus gaining access to your account.
As a result of the original PlayStation Network hack, this is exactly the kind of information that was leaked to cybercriminals perpetrating the hack.
Sony has in the meantime taken the online PSN password reset system offline to prevent passwords being changed by unwanted guests, but you’re still able to manually change your password through your PlayStation 3 and PSP.
Here’s SCE’s statement on the password reset process:
“We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.
“Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.”
So as reported, while there was no ‘hack,’ per se, the exploit that potentially allowed unwanted guests access to your account has been fixed. Carry on.
Source: US PlayStation Blog
[End of Update]