by Stacy Jones on May 18, 2011
Just when it looked like Sony had a handle on things and was about to get back to normal, a new password exploit brought down the Playstation Network (PSN) password page today. According to a report from Nyleveia, the PSN and Qriocity password reset was temporarily taken down today after an exploit was discovered that allowed people to change user passwords via the PSN password reset page. Eurogamer also received video evidence confirming the exploit.
Nyleveia was contacted by a user who managed to demonstrate the exploit by accessing a dummy account created by the site. By using just the account's date of birth and original email, the user was able to access the account and change the password and email address. While that might not seem like a big deal in any other case, the fact that over 100 million accounts were compromised in last month's breach makes it a bit more likely that at least some accounts may have been at risk yet again.
An update from Sony on the Playstation website is quick to point out that there was no hack involved in the security flaw as original reports had indicated but rather an exploit using the password reset URL that has since been fixed. There's currently no indication that Sony Online Entertainment accounts might have been at risk, but all the same, you might want to change those PSN and SOE passwords again just to be safe.
Sources:
Nyleveia
MSNBC
MCV
Eurogamer
Playstation Blog