So the PlayStation Network is back, and Sony has forced every PSN user to change their password. Crisis over, right? Er, maybe not.
Just as I assumed I wouldn’t have to write another depressing PSN hack story ever again, it’s emerged the new PlayStation Network password reset system can be exploited to alter passwords – and this can be done using quite basic data that was leaked in the original PSN hack. Using only your PSN account email and your date of birth, an attacker can change the password on your account and lock you out for ever.
Fortunately, online gaming is still available for now, though Sony is urging all users to create a new email account and get it changed for “when this hack becomes more public.” Well, at least Sony is getting the word out quickly this time. Here’s what Sony has to say:
“This means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take. In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”
The company also later tweeted: “Clarification: this maintenance doesn’t affect PSN on consoles, only the website you click through to from the password change email.”
Man, someone has some serious beef with Sony.
[Via Nyleveia and Eurogamer]