Wednesday, May 18, 2011

WHAT??? PSN logins exploited again, Sony takes pages offline


This isn't as bad as it could have been -- Sony's PSN hasn't exactly been hacked again -- but what can only be described as a glaring oversight looks to have forced the company into hastily switching off PSN logins on its websites. The issue? If you legitimately forget your password and need to reset it, previously all you had to do was type in your e-mail address and date of birth, then choose a delightfully cunning new password. Sounds good?
The problem is that if you were a PSN member before the hack, then both your e-mail address and your date of birth (plus a lot of other frightening stuff) are known to the hackers. So whoever has the millions of rows of data that were exposed could, in theory, re-exploit any account. Sony was made aware of the issue and those pages are now offline again, which should make the Japanese government feel just a little bit smug. via [engadget]
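
The reset flow described above, sketched next to a token-based alternative. This is an added example, not Sony's code and not part of the original post; the function names, the 15-minute lifetime and the sample account are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60   # seconds a reset link stays valid (assumed policy)
RESET_TOKENS = {}     # sha256(token) -> (email, expiry); raw token is never stored

def _kdf(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _set_password(user, password):
    user["salt"] = secrets.token_bytes(16)
    user["pw"] = _kdf(password, user["salt"])

def check_password(email, password):
    user = USERS[email]
    return secrets.compare_digest(user["pw"], _kdf(password, user["salt"]))

# Constructed sample account; the address and date are made up.
USERS = {"alice@example.com": {"dob": "1990-04-01"}}
_set_password(USERS["alice@example.com"], "original-password")

def reset_weak(email, dob, new_password):
    """Flow described in the post: e-mail + date of birth is the only proof."""
    user = USERS.get(email)
    if user is None or user["dob"] != dob:
        return False
    _set_password(user, new_password)   # static, already-leaked facts suffice
    return True

def request_reset(email, now=None):
    """Issue a random token to be mailed to the address; None if unknown.
    (The HTTP response should look the same in both cases.)"""
    if email not in USERS:
        return None
    token = secrets.token_urlsafe(32)
    now = time.time() if now is None else now
    RESET_TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (email, now + TOKEN_TTL)
    return token

def reset_with_token(token, new_password, now=None):
    """Proof is possession of the mailed token: single use, time limited."""
    entry = RESET_TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    now = time.time() if now is None else now
    if entry is None or now > entry[1]:
        return False
    _set_password(USERS[entry[0]], new_password)
    return True
```

The second flow never consults the date of birth, so data exposed in a breach is not enough on its own; the requester must also control the mailbox.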


PSN password reset page could be violated using info stolen in original hack

It's the nightmare it must have been dreading. Evidence is mounting that one of Sony's fresh PSN security measures has already been circumvented.


The exploit allows people to change users' passwords via the PSN password reset page using only a PSN account email and date of birth – both of which were obtained by hackers in the original breach.

It was first exposed by Nylevia.com, and while on the face of things it looked unlikely, Eurogamer now claims to have verification of the hack's authenticity.

As a result, PSN sign-in is now unavailable on a number of Sony's sites. The site that password reset emails direct users to has also been taken down.

"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," a Sony statement confirmed.


via [MCV]
