Quantcast
PSN accounts threatened by new password exploit

Forums - Sony Discussion - PSN accounts threatened by new password exploit

Wonderful job those security consultants did...

http://www.computerandvideogames.com/302043/playstation-network-accounts-threatened-by-new-password-exploit/

 

Sony's new PlayStation Network security measures have seemingly been circumvented just days after the service reboot.

According to reports originating from Nyleveia, a new exploit enables attackers to change other users' passwords via the PSN password reset page members are forced to access when they first reconnect to the online service.

Attackers can apparently reset the password themselves using just a PSN account email and date of birth, pieces of data that were compromised in the recent PSN hack.

Nyleveia says it has seen a direct demonstration of the exploit using a newly created test account - and that 15 minutes after informing Sony Computer Entertainment Europe of the exploit the platform holder disabled web-based PSN logins.


The official PlayStation EU Twitter account says the web-based password reset page has been taken down for "maintenance" which "doesn't affect PSN on consoles, only the website you click through to from the password change email".

Nyleveia recommends securing your accounts now by creating a completely new email address - that you won't use anywhere else - and then attaching it to your PSN account.

In an update on the EU PlayStation forums, Sony said:

"Please note that PSN sign in is currently unavailable for the following services: PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client, all PlayStation game title websites.

"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.

"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."

On Sunday, SCEE finally confirmed that PSN services had started coming back online in Europe after over three weeks of online gaming blackout on PS3.


[ Source: Nyleveia ]



My Mario Kart Wii friend code: 2707-1866-0957

Around the Network



 

Face the future.. Gamecenter ID: nikkom_nl (oh no he didn't!!) 

These people really need to go fuck themselves



ǝןdɯıs ʇı dǝǝʞ oʇ ǝʞıן ı ʍouʞ noʎ 

Ask me about being an elitist jerk

Time for hype

leatherhat said:

These people really need to go fuck themselves

You mean Sony? They are fucking themselves.

In all seriousness, this isn't a hack. It's an exploit. The people who discovered it could have wreaked havoc (though not as much as if the Store were up), but instead they publicized it so as to alert Sony.



This reminds me of Epic Mickey.

Lots of people working on something for quite a long time and when the product finally releases you have to wonder if the majority of these people actually did anything or were just watching youtube videos or whatever on their computers while they pretended to work.



Legend11 correctly predicted that GTA IV (360+PS3) would outsell SSBB. I was wrong.

A Biased Review Reloaded / Open Your Eyes / Switch Gamers Club

Around the Network
badgenome said:
leatherhat said:

These people really need to go fuck themselves

You mean Sony? They are fucking themselves.

I even heard they are using 5 year old condoms... but they say it's safe..



 

Face the future.. Gamecenter ID: nikkom_nl (oh no he didn't!!) 

yeah, this was a helpful user who provided Sony the information.

I mean, come the fuck on Sony. You make it incredibly hard to defend you.

What happened to that update where passwords could only be set from the console? Did I imagine all that?



Old news , already fixed.



HKN said:

Old news , already fixed.


Today's news = old news ?

Putting parts of the site under maintenance = fixed ?



My Mario Kart Wii friend code: 2707-1866-0957

*facepalm*  someone at Sony has to be preparing for ritual suicide right now.  Well, at least the system is secure, right?  I mean, at least they wouldn't have had to hack into the server to take over our accounts.  It was available through the webpage!



Thank god for the disable signatures option.