Password Recovery Bug Puts PSN Users at Risk

By Jane McEntegart
published

Sony has suffered another blow as reports indicate that even users that have changed their passwords since PSN has come back online are still at risk.

This past weekend, Sony finally reached its goal of bringing PSN back online. Along with a service restart, Sony also rolled out a mandatory update to all users, which required that they change their password before logging in. However, it seems things still aren’t secure, despite this forced password change, as users’ accounts may still be at risk.

A posting over on game blog Nyleveia claims that all accounts remain unsafe because of a hack that allows a third party to change your password using only your email address and date of birth. Nyleveia claims that its source demonstrated the exploit and they received a ‘password successfully changed email’ from Sony and could no longer use their own password to sign in.

Nyleveia contacted Sony, providing a detailed account of the exploit and, shortly after, Sony shut down web-based PSN login and password recovery. Right now, users attempting to sign in via PlayStation.com are seeing the following notice:



Considering email addresses and DOBs were among the data stolen during last month's attack, it's plausible that the people responsible for that breach could potentially take over your account. Sony has yet to comment on the validity of the exploit, but Nyleveia suggests making a brand new email address just for your PSN account. We'll update if Sony comments on the situation.

Read more about the exploit here.

Jane McEntegart

Jane McEntegart works in marketing communications at Intel and was previously Manager of Content Marketing at ASUS North America. Before that, she worked for more than seven years at Tom's Guide and Tom's Hardware, holding such roles as Contributing Editor and Senior News Editor and writing about everything from smartphones to tablets and games consoles.

33 Comments Comment from the forums
  • JOSHSKORN
    Oops! Probably should've come up with a different password recovery method, considering users' data was stolen.
    Reply
  • Tmanishere
    This is the song that never ends,
    It just goes on and on, my friends.
    Reply
  • maestintaolius
    Hmm... whoops.
    Reply
  • zak_mckraken
    Looks like more free games are on the way... Well, not for me of course since I don't own a PS3.
    Reply
  • Trialsking
    zak_mckrakenLooks like more free games are on the way... Well, not for me of course since I don't own a PS3.
    Yeah me neither. I am glad to be an "elitist" PC gamer. But I do have sympathy for those affected.
    Reply
  • dfusco
    I just took my PS3 out to the driveway and battered it into wretched debris with a hammer.
    Reply
  • someguynamedmatt
    TrialskingYeah me neither. I am glad to be an "elitist" PC gamer. But I do have sympathy for those affected.Same here, although I don't feel any sympathy whatsoever. That was ripped out of me when I was told by a bunch of PS3 owners that PCs werent meant for gaming, that my system was crap, and that there's no difference whatsoever between it and a PS3. Actually, the PS3 is apparently better at gaming than a gaming PC.
    Nope. No sympathy to be found here. Ignorance is bliss, I guess, when you don't understand that someone's GPU alone has more power than your entire console, nor what the word "resolution" means, nor anything else that has anything to do with graphical quality whatsoever. I don't mind that people like their consoles - that's just fine with me. But when they go out of their way to bash on PC 'elitists', that's when they need to be put in pain.
    /rant on why I hate most console gamers
    Reply
  • ahahahahahahaaa
    Reply
  • kinggraves
    If PSN had only been down a day I could've said "they just rushed it and forgot to double check", but after being down for weeks....really? I mean, Sony...REALLY? Not ONE person there said "Hey, maybe using the stolen personal data to recover passwords, not a good idea?" in that ENTIRE TIME?

    This is the problem with corporations nowadays, CEOs write their own checks and answer to no one. If I was a shareholder I'd demand the resignation of anyone who hasn't been on vacation for the past month. Taco Bell managers have more common sense than the people who are running Sony. Considering how dependent they are on brand recognition, this kind of sloppy bandaging is going to do unimaginable damage to their profits.
    Reply
  • zkevwlu
    Well after this incident I don't think the Japanese will let Sony turn PSN back on ever again.
    Reply