Wonderful job those security consultants did...
Sony's new PlayStation Network security measures have seemingly been circumvented just days after the service reboot.
According to reports originating from Nyleveia, a new exploit enables attackers to change other users' passwords via the PSN password reset page members are forced to access when they first reconnect to the online service.
Attackers can apparently reset the password themselves using just a PSN account email and date of birth, pieces of data that were compromised in the recent PSN hack.
Nyleveia says it has seen a direct demonstration of the exploit using a newly created test account - and that 15 minutes after informing Sony Computer Entertainment Europe of the exploit the platform holder disabled web-based PSN logins.
The official PlayStation EU Twitter account says the web-based password reset page has been taken down for "maintenance" which "doesn't affect PSN on consoles, only the website you click through to from the password change email".
Nyleveia recommends securing your accounts now by creating a completely new email address - that you won't use anywhere else - and then attaching it to your PSN account.
In an update on the EU PlayStation forums, Sony said:
"Please note that PSN sign in is currently unavailable for the following services: PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client, all PlayStation game title websites.
"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.
"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
On Sunday, SCEE finally confirmed that PSN services had started coming back online in Europe after over three weeks of online gaming blackout on PS3.
[ Source: Nyleveia ]
My Mario Kart Wii friend code: 2707-1866-0957