Thursday, May 19, 2011

Sony PlayStation Network ‘hacked’ again, user passwords affected

With Sony's PlayStation Network freshly back online, attackers have once again breached the system, this time going for a vulnerability with the system's password reset.

This is getting (more) ridiculous. Not even two days after Sony restored its embattled PlayStation Network for most users worldwide, cyber criminals have once again launched an attack, this time going after the PSN’s password reset system. In order for users to reconnect to the PSN, they were required to reset their passwords. You know, for security reasons…

News of this third, most recent attack were originally reported on Nyleveia.com, which warned PSN users that “accounts are still not safe.”

“I want to make this clear to ALL PSN users. Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe,” writes Nyleveia. “A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth. It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real.”

Following the Nyleveia post there was, in fact, some doubt that this was real. But further tests by Eurogamer proved that the breach was real, which caused prompt action from Sony. In response, the company has blocked PSN login access to a number of its site, and the PSN password reset site has also been taken offline.

Sony responded to the new attack, saying: “Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. (read more)