Password Recovery Bug Puts PSN Users at Risk

This past weekend, Sony finally reached its goal of bringing PSN back online. Along with a service restart, Sony also rolled out a mandatory update to all users, which required that they change their password before logging in. However, it seems things still aren’t secure, despite this forced password change, as users’ accounts may still be at risk.

A posting over on game blog Nyleveia claims that all accounts remain unsafe because of a hack that allows a third party to change your password using only your email address and date of birth. Nyleveia claims that its source demonstrated the exploit and they received a ‘password successfully changed email’ from Sony and could no longer use their own password to sign in.

Nyleveia contacted Sony, providing a detailed account of the exploit and, shortly after, Sony shut down web-based PSN login and password recovery. Right now, users attempting to sign in via PlayStation.com are seeing the following notice:



Considering email addresses and DOBs were among the data stolen during last month's attack, it's plausible that the people responsible for that breach could potentially take over your account. Sony has yet to comment on the validity of the exploit, but Nyleveia suggests making a brand new email address just for your PSN account. We'll update if Sony comments on the situation.

Read more about the exploit here.

Jane McEntegart works in marketing communications at Intel and was previously Manager of Content Marketing at ASUS North America. Before that, she worked for more than seven years at Tom's Guide and Tom's Hardware, holding such roles as Contributing Editor and Senior News Editor and writing about everything from smartphones to tablets and games consoles.