
Password Recovery Bug Puts PSN Users at Risk

Source: Nyleveia

Sony has suffered another blow as reports indicate that even users who have changed their passwords since PSN came back online are still at risk.

This past weekend, Sony finally reached its goal of bringing PSN back online. Along with a service restart, Sony also rolled out a mandatory update to all users, which required that they change their password before logging in. However, it seems things still aren’t secure, despite this forced password change, as users’ accounts may still be at risk.

A posting over on game blog Nyleveia claims that all accounts remain unsafe because of a hack that allows a third party to change your password using only your email address and date of birth. Nyleveia claims that its source demonstrated the exploit and they received a ‘password successfully changed’ email from Sony and could no longer use their own password to sign in.

Nyleveia contacted Sony, providing a detailed account of the exploit and, shortly after, Sony shut down web-based PSN login and password recovery. Right now, users attempting to sign in via PlayStation.com are seeing the following notice:



Considering email addresses and DOBs were among the data stolen during last month's attack, it's plausible that the people responsible for that breach could take over your account. Sony has yet to comment on the validity of the exploit, but Nyleveia suggests making a brand new email address just for your PSN account. We'll update if Sony comments on the situation.
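An added example, not from the article, Nyleveia or Sony: Python contrasting the reset flow the article describes (email address plus date of birth is enough) with a reset that only accepts a single-use, expiring token delivered to the registered mailbox. The account store, function names and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import secrets
import time

# Constructed sample data. Passwords are kept in plain text only to keep the
# example short; a real service stores a salted hash.
ACCOUNTS = {"user@example.com": {"dob": "1990-01-01", "password": "old"}}
RESET_TOKENS = {}            # sha256(token) -> (email, expiry timestamp)
TOKEN_TTL_SECONDS = 15 * 60  # assumed lifetime


def weak_reset(email, dob, new_password):
    """Flow as the article describes it: knowing email + DOB is sufficient."""
    account = ACCOUNTS.get(email)
    if account is None or account["dob"] != dob:
        return False
    account["password"] = new_password
    return True


def request_reset(email, now=None):
    """Hardened step 1: create a random token for the mailbox owner."""
    now = time.time() if now is None else now
    if email not in ACCOUNTS:
        return None  # the caller shows the same message either way
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    # Only the digest is stored, so a leaked table holds no usable tokens.
    RESET_TOKENS[digest] = (email, now + TOKEN_TTL_SECONDS)
    return token  # sent by email only, never returned in the web response


def confirm_reset(token, new_password, now=None):
    """Hardened step 2: the emailed token is the only accepted proof."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)  # pop() makes the token single use
    if entry is None:
        return False
    email, expiry = entry
    if now > expiry:
        return False
    ACCOUNTS[email]["password"] = new_password
    return True
```

With the second flow, data such as the email address and date of birth is not enough on its own; the requester also has to read the registered mailbox.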

Read more about the exploit here.

Comments
  • 2 Hide
    JOSHSKORN , May 18, 2011 7:44 PM
    Oops! Probably should've come up with a different password recovery method, considering users' data was stolen.
  • 3 Hide
    Tmanishere , May 18, 2011 7:44 PM
    This is the song that never ends,
    It just goes on and on, my friends.
  • 0 Hide
    maestintaolius , May 18, 2011 7:49 PM
    Hmm... whoops.
  • 1 Hide
    zak_mckraken , May 18, 2011 7:51 PM
    Looks like more free games are on the way... Well, not for me of course since I don't own a PS3.
  • 2 Hide
    Trialsking , May 18, 2011 7:54 PM
    zak_mckraken wrote: Looks like more free games are on the way... Well, not for me of course since I don't own a PS3.

    Yeah me neither. I am glad to be an "elitist" PC gamer. But I do have sympathy for those affected.
  • 1 Hide
    dfusco , May 18, 2011 7:59 PM
    I just took my PS3 out to the driveway and battered it into wretched debris with a hammer.
  • 3 Hide
    someguynamedmatt , May 18, 2011 8:04 PM
    Trialsking wrote: Yeah me neither. I am glad to be an "elitist" PC gamer. But I do have sympathy for those affected.

    Same here, although I don't feel any sympathy whatsoever. That was ripped out of me when I was told by a bunch of PS3 owners that PCs weren't meant for gaming, that my system was crap, and that there's no difference whatsoever between it and a PS3. Actually, the PS3 is apparently better at gaming than a gaming PC.
    Nope. No sympathy to be found here. Ignorance is bliss, I guess, when you don't understand that someone's GPU alone has more power than your entire console, nor what the word "resolution" means, nor anything else that has anything to do with graphical quality whatsoever. I don't mind that people like their consoles - that's just fine with me. But when they go out of their way to bash on PC 'elitists', that's when they need to be put in pain.
    /rant on why I hate most console gamers
  • 0 Hide
    Anonymous , May 18, 2011 8:06 PM
    ahahahahahahaaa
  • 2 Hide
    kinggraves , May 18, 2011 8:09 PM
    If PSN had only been down a day I could've said "they just rushed it and forgot to double check", but after being down for weeks....really? I mean, Sony...REALLY? Not ONE person there said "Hey, maybe using the stolen personal data to recover passwords, not a good idea?" in that ENTIRE TIME?

    This is the problem with corporations nowadays, CEOs write their own checks and answer to no one. If I was a shareholder I'd demand the resignation of anyone who hasn't been on vacation for the past month. Taco Bell managers have more common sense than the people who are running Sony. Considering how dependent they are on brand recognition, this kind of sloppy bandaging is going to do unimaginable damage to their profits.
  • 1 Hide
    zkevwlu , May 18, 2011 8:13 PM
    Well after this incident I don't think the Japanese will let Sony turn PSN back on ever again.
  • 4 Hide
    Kami3k , May 18, 2011 8:18 PM
    And people were going after the Japanese government for preventing it from going back online in Japan, LOL.

    Seems like the government there does its job, protecting the people.
  • 0 Hide
    iNiNe5 , May 18, 2011 8:22 PM
    A combination of Email + DOB is often good enough to change many passwords on many different sites, not just PSN. What they need to do is require you to have to log into your email account and click on the activate link to officially reset the password, and re-activate your account. If you can simply change it without having to access your email to activate, then that's messed up.
  • 3 Hide
    jfby , May 18, 2011 8:27 PM
    I almost fell out of my chair laughing at this one; Sony how much easier can it get? You need a new validation method that goes beyond information that you know was stolen!!

    I game on both the PS3 AND PC. I got the PS3 for the exclusive titles and the Blu-ray player (at the time it was price-comparable to the Blu-ray players I was looking at) but the computer is far superior for gaming. I'm one of the seemingly rare people that thinks there is room for both.

    And YES, I HATE console ports, and if the PS ever loses the stranglehold they have on the games I play on it, I won't be getting a PS4 or whatever it will be called.
  • 0 Hide
    zkevwlu , May 18, 2011 8:45 PM
    I recommend the movie Gung Ho starring Michael Keaton. You guys should see what happens to Japanese white collars who put their company in this level of disgrace.
  • 2 Hide
    11796pcs , May 18, 2011 8:50 PM
    someguynamedmatt: I know exactly what you're talking about, but there are people who own PS3s that simply use them for the Blu-Ray player and some "elite" PC users who use them for exclusive titles (in my case Rock Band). But yeah I don't really feel compassion towards the idiots who think their PS3s are better than PCs. I absolutely hate it when console owners diss the only true platform- because every console is really just a small personal computer anyway. Heck, without mainstream PCs pushing technology forward those stupid mindless console owners would still be playing Pac-Man.
  • 0 Hide
    molo9000 , May 18, 2011 8:56 PM
    Good thing they removed PS2 backwards compatibility long ago....
    I would probably own a PS3 now if they hadn't done that.
  • 0 Hide
    NuclearShadow , May 18, 2011 9:02 PM
    I'm not sure what was going through Sony's mind when coming up with this terrible method of changing a password. At this point I don't think even the most hardcore PS3 fanboy could defend this. It's weak to start with but to keep such a method after personal info on the consumers was stolen that includes this exact info required. That is just incompetent.
  • 1 Hide
    spectrewind , May 18, 2011 9:30 PM
    someguynamedmatt wrote: Same here, although I don't feel any sympathy whatsoever. That was ripped out of me when I was told by a bunch of PS3 owners that PCs weren't meant for gaming, that my system was crap, and that there's no difference whatsoever between it and a PS3. Actually, the PS3 is apparently better at gaming than a gaming PC.
    Nope. No sympathy to be found here. Ignorance is bliss, I guess, when you don't understand that someone's GPU alone has more power than your entire console, nor what the word "resolution" means, nor anything else that has anything to do with graphical quality whatsoever. I don't mind that people like their consoles - that's just fine with me. But when they go out of their way to bash on PC 'elitists', that's when they need to be put in pain.
    /rant on why I hate most console gamers

    Same here...for the most part. I have a PS3 as my way of "dumbing down" to play with the people I want to do online gaming with who see a PC as a barrier. Other side of it... PS3 exclusive games I wanted to enjoy.

    On the other hand... triple-head gaming on a current NV/AMD gpu *and* chatting via Ventrilo is something I never happening via console.
  • 0 Hide
    badaxe2 , May 18, 2011 9:41 PM
    Pretty much what Pachter said, changing to a PS3 exclusive email.

    http://www.gametrailers.com/video/episode-215-pach-attack/713901
  • 0 Hide
    redgarl , May 18, 2011 10:12 PM
    Why even ask for a date of birth... seriously, Sony didn't learn anything from the last events...

    It should be a security question like what is the name of the first street you lived on... you know... it is logical, so my idea is not going to be used...