Sunday, May 29, 2011

PSN attacked again through password change tool

Sony took an embarrassing blow on Tuesday as it confirmed that it had taken down its PSN and Qriocity password reset tools just after bringing service back. An exploit has surfaced that needs only a gamer's e-mail address and the holder's date of birth to get a new password and hijack an account. Eurogamer had seen video evidence of the exploit proving that it worked.


In an official statement, Sony didn't directly acknowledge a breach but did say it had taken the servers down. The compromise didn't affect PSN itself and was limited to the web.


"You will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information," it said. "This maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."


While much less serious than the original PSN attacks, which compromised the account logins themselves, the exploit compounds Sony's attempts to mend its reputation. The company has already felt obliged to both give two free games and offer a month-long PlayStation Plus subscription to most if not all gamers. It had been saved from a larger catastrophe only since credit card information was more tightly protected and wasn't hacked.


Electronista

No comments:

Post a Comment