
Forums - Sony Discussion - PSN accounts threatened by new password exploit

Wonderful job those security consultants did...

http://www.computerandvideogames.com/302043/playstation-network-accounts-threatened-by-new-password-exploit/

 

Sony's new PlayStation Network security measures have seemingly been circumvented just days after the service reboot.

According to reports originating from Nyleveia, a new exploit enables attackers to change other users' passwords via the PSN password reset page members are forced to access when they first reconnect to the online service.

Attackers can apparently reset the password themselves using just a PSN account email and date of birth, pieces of data that were compromised in the recent PSN hack.

Nyleveia says it has seen a direct demonstration of the exploit using a newly created test account - and that 15 minutes after informing Sony Computer Entertainment Europe of the exploit the platform holder disabled web-based PSN logins.


The official PlayStation EU Twitter account says the web-based password reset page has been taken down for "maintenance" which "doesn't affect PSN on consoles, only the website you click through to from the password change email".

Nyleveia recommends securing your accounts now by creating a completely new email address - that you won't use anywhere else - and then attaching it to your PSN account.

In an update on the EU PlayStation forums, Sony said:

"Please note that PSN sign in is currently unavailable for the following services: PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client, all PlayStation game title websites.

"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.

"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."

On Sunday, SCEE finally confirmed that PSN services had started coming back online in Europe after over three weeks of online gaming blackout on PS3.


[ Source: Nyleveia ]



My Mario Kart Wii friend code: 2707-1866-0957
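Added example, not part of the original post or the linked article: a Python sketch contrasting a reset gated only on email and date of birth, as the article describes, with one gated on a single-use token mailed to the account. The account store, function names and 15-minute token lifetime are assumptions for illustration and do not describe how Sony's reset page was actually built.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample account; every name and value here is hypothetical.
ACCOUNTS = {"user@example.com": {"dob": "1990-01-01", "pw": None}}
RESET_TOKENS = {}      # email -> (sha256 hex of token, expiry timestamp)
TOKEN_TTL = 15 * 60    # assumed lifetime of a mailed reset link, in seconds

def set_password(email, new_password):
    """Store a salted PBKDF2 hash, never the password itself."""
    salt = secrets.token_bytes(16)
    pw = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
    ACCOUNTS[email]["pw"] = (salt, pw)

def weak_reset(email, dob, new_password):
    """Knowledge-based reset: breached email + DOB is all a caller needs."""
    acct = ACCOUNTS.get(email)
    if acct is None or acct["dob"] != dob:
        return False
    set_password(email, new_password)
    return True

def issue_reset_token(email, now=None):
    """Create a random token; store only its hash, mail the token itself."""
    if email not in ACCOUNTS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    RESET_TOKENS[email] = (digest, now + TOKEN_TTL)
    return token       # delivered out of band, to the account mailbox only

def token_reset(email, token, new_password, now=None):
    """Succeeds only with the unexpired, unused token issued for this account."""
    now = time.time() if now is None else now
    entry = RESET_TOKENS.pop(email, None)   # single use: consumed on any attempt
    if entry is None or not token:
        return False
    digest, expires = entry
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if now > expires or not hmac.compare_digest(digest, supplied):
        return False
    set_password(email, new_password)
    return True
```

With the second flow, knowing the email address and date of birth is not enough; the caller must also control the mailbox the token was sent to.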




 

Face the future.. Gamecenter ID: nikkom_nl (oh no he didn't!!) 

These people really need to go fuck themselves



ǝןdɯıs ʇı dǝǝʞ oʇ ǝʞıן ı ʍouʞ noʎ 

Ask me about being an elitist jerk

Time for hype

leatherhat said:

These people really need to go fuck themselves

You mean Sony? They are fucking themselves.

In all seriousness, this isn't a hack. It's an exploit. The people who discovered it could have wreaked havoc (though not as much as if the Store were up), but instead they publicized it so as to alert Sony.



badgenome said:
leatherhat said:

These people really need to go fuck themselves

You mean Sony? They are fucking themselves.

I even heard they are using 5 year old condoms... but they say it's safe..



 

Face the future.. Gamecenter ID: nikkom_nl (oh no he didn't!!) 


Yeah, this was a helpful user who provided Sony the information.

I mean, come the fuck on Sony. You make it incredibly hard to defend you.

What happened to that update where passwords could only be set from the console? Did I imagine all that?



Old news, already fixed.



HKN said:

Old news, already fixed.


Today's news = old news?

Putting parts of the site under maintenance = fixed?



My Mario Kart Wii friend code: 2707-1866-0957

*facepalm*  someone at Sony has to be preparing for ritual suicide right now.  Well, at least the system is secure, right?  I mean, at least they wouldn't have had to hack into the server to take over our accounts.  It was available through the webpage!



Thank god for the disable signatures option.

Profcrab said:

*facepalm*  someone at Sony has to be preparing for ritual suicide right now.  Well, at least the system is secure, right?  I mean, at least they wouldn't have had to hack into the server to take over our accounts.  It was available through the webpage!


This particular incident might be forgotten after a while, even faster than the recent outage... but if they get seriously hacked again anytime in the next few months, then you might start seeing some seppuku.



My Mario Kart Wii friend code: 2707-1866-0957