PSN Password Reset Exploit Discovered

May 18, 2011

Just days ago, Sony finally began to bring PSN services back online after a protracted outage. In an effort to garner good will, Sony has taken a number of steps, including providing identity theft insurance for PSN users and offering free games as part of a “Welcome Back” promotion. With E3 2011 just ahead, Sony no doubt hopes that the worst of the situation is behind them. Unfortunately, it now appears that users may have a new reason to be wary of PSN.

In order to connect to the restored PSN, customers are asked to download firmware update 3.61, which requires “all registered PlayStation Network users to change their account passwords before being able to sign into the service.” Account passwords can also be reset on PlayStation.com. Password reset requests have been so numerous that they’ve been slowing PSN restoration, but it seems that speed isn’t the only problem with the process.

According to Eurogamer, an exploit in the PlayStation Network password reset system has been discovered that enables hackers to change players’ passwords. The exploit makes use of PSN account holders’ birthdates and email addresses, millions of which were compromised during the attack on PlayStation Network.

Currently, users cannot log in to PlayStation.com or the PlayStation forums. Attempting to do so brings up the following site maintenance message.

[Image: PlayStation Site Maintenance]

Sony is obviously aware of the situation, though they appear to disagree on the specifics. While they admit an exploit existed, they claim already to have addressed it, and adamantly deny that any sort of “hack” was responsible. From the PlayStation Blog:

“We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”

“Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.”

No time frame for the return of the website in question has been established.

In its statement, Sony appears to be downplaying the seriousness of this latest situation. Given recent history, though, one has to wonder just how such an exploit made its way into Sony’s password reset process. Sony has already been roundly criticized over the PSN situation, from the amount of time it took them to notify customers to the welcome back rewards being offered. Sony had to answer questions for Congress. That they would allow customers to be exposed to yet another vulnerability — however minor — during this process borders on the inconceivable.

Ranters, what is your take on Sony’s latest PSN problem? Will the company ever be able to put this issue behind them?

Follow me on Twitter @HakenGaken

Source: Nylevia [via Eurogamer], PlayStation Blog

Tags: PS3, PSN, Sony

16 Comments

  1. hooray for more problems.

  2. you've got to be kiddin right??

    • dude ps3 sucks ass. i really feel bad for the gamers that are only willing to play ps3 xbox has the better games and the ones ps3 has besides mgs and the final fantasy vs13 game dude no matter what your argument is no matter what you say ps3 sucks hands down case closed have fun having your stuff hacked every five min

  3. Good thing Sony worked so hard for a month for you guys. You get a firewall and updated security.

    • Updated security for us? They should have had our credit card information pretty secure already. Sony hasn’t done a positive thing in forever. The only big thing our PS3’s have anymore is CoD, Which happens to be on the 360. I’ve never owned a 360, but it sure does look like gold right now.

      • The 360 doesn’t only look like gold, it also requires gold to be played :p

        But you can have the most secure system in the world, but even the greatest security only requires an equally great hacker to ruin someone’s day. This breach could’ve happened to anybody, and Sony isn’t the first victim of this.

        • I think MS is the type of company that would recruit the enemy if it can’t be taken down. :P

  4. Again, I’m not too worried.
    The attacks seem to be aimed at Sony, not the consumers (us). If they had wanted to do anything harmful with the personal information they may or may not have written down on some post-it notes, people would have noticed by now.

    Also, this exploit requires the “hacker” to pick a specific e-mail address, and I would be more worried if friends would know this exploit than some hacker.

    Yes, it’s ridiculous how much can go wrong for Sony…. But please, PLEASE, don’t overreact to this, don’t cause a sh*tstorm over these small things, it’s really, really tiring.

    • Of course you wouldn’t overreact if it wasn’t YOUR credit card info stolen and used. Unfortunate for those who had money stolen when they had rent and tuition due, yeah, try telling them to stop overreacting.

      It seems odd to me that you don’t think hackers were doing something “harmful”. Either that, or you weren’t aware of people’s money being actually stolen. Or maybe you think bad things never happened because they didn’t happen to you, and those who experienced them sure were lying or were XBox fanboys.

      • Actually, I have yet to see any reported cases of credit card fraud caused by this PSN breach. Not a single one, and I read a lot of gaming sites, I don’t think I would let that slip by.

        Also, the target of this hack was Sony, not the consumers. If the hacker’s goal was to get credit card information and take the money, it would’ve happened just after the breach, before people canceled their cards. That’s how credit card schemes work, they don’t wait to use the information. So with Sony being the target, I’m not too worried about my own credit card.

        Even if something were to happen to my card, Visa and Mastercard got me covered. If my card gets abused like that, I’m not liable for any of it, and I would get my money back. This stuff isn’t new, and the credit card companies report if they see any suspicious activity. If they do, I will get a call, would get a new card in the mail and get my money back.

        Even worst case scenario, someone stole my identity, Sony would cover that with their Identity Theft insurance. But seriously, why would hackers go into PSN and cause the world’s largest cyber-breach in history to steal our identities? I don’t think that would be the best place to steal from, and I think my personal information is more easily accessible elsewhere. You don’t have to hack PSN to get info like that, there are plenty of less secure services out there which we all use and trust.

        So no. I am not worried. Should I? Has anyone got their lives ruined, or even mildly inconvenienced, by this breach? I have yet to hear from them, and the biggest problem this has caused, it seems, is the whining gamers which can’t game online for a month. And people complain that the gift basket with free games isn’t large enough. If that’s all the problems caused by this breach, then yeah, I don’t care to overreact.

        But you prove me wrong if you insist on me being just some fanboy or self-centered dude. Just because I’m not harmed doesn’t mean others can’t be harmed either, you’re right on that. But show me the case where someone was harmed because of this PSN breach.

        • I find it very hard to believe that you have yet to see ONE claim on game boards (not that I’m accusing you of lying). It would have made more sense if you simply neglected it as a lie, but you’ve never even seen one?? The most recent one I saw was on L.A.Noire’s XBox GameFAQs board, where people were talking about crimes, leading to credit card frauds, leading to PSN breach. The thread was later deleted due to people fighting over whether death penalty should or should not exist. I believed the guy was telling the truth, because it wasn’t brought up during a “system war”.

          I agree with you, though, I find their constant whining annoying. People who go on and on about switching pre-orders are beyond my belief, they made it sound as if it was the end of the world.
          And no, I don’t believe credit card frauds can ruin one’s life, but it sure IS inconvenient. I’ve had it happen to me once, $200 was charged on my card out of the blue, which pushed it over my limit. The bank had to investigate it after I filed a claim, and I had to wait for a new card. However, I couldn’t use the card either way because before the investigation was cleared, I was still over-limit.
          It took them a little more than a month to clear my case and it was only $200.

          As for targets, I believe it is spontaneous:
          Someone broke into a house intending to simply sabotage, but then he saw a valuable watch laying on the table, would he not take it?
          It’s the same thing, today hackers wanted to harm Sony, but if he could use a few credit cards at his disposal in the process, why wouldn’t he do it?
          The best part is, how would that make Sony look? People who have their cards stolen could possibly be suing Sony. It’s a win-win situation for the hackers.
          With this mindset, I’m sure you can understand why some people are paranoid. It’s the “possibility” that is disturbing.
          http://news.yahoo.com/s/ac/20110429/bs_ac/8385401_sony_playstation_network_hacked_our_familys_information_stolen

  5. LEAVE SONY ALONE!! *sob*

    • I’d be very angry if it was the hackers, again. How immature can these people really get? Enough is enough. I remember people defending hackers on Sony’s case before, I wonder how these hypocrites feel now.

      • Word from the underworld seems to imply that the group known as ‘Anonymous’ has split into two opposing factions, one of which is hitting Sony, and one of which is denying that Anon had anything to do with it. I don’t support either side, though. I just want to play the games. :)

  6. Japanese gov’t won’t be happy

  7. I don’t see what the big deal is, they can change your password? So call customer service to change it back. It’s not like they can see your credit card number on it.
