PlayStation Network password-reset system compromised

[UPDATE] Multiple sources report Web-based method for creating new login info can be hacked with a user's e-mail and date of birth; Sony confirms "URL exploit."

Source: See below.

What we heard: Just five days after the PlayStation Network started coming back online, reports are surfacing of a new security flaw in the online system. According to an initial article on gaming blog Nyleveia.com that was reportedly confirmed by NeoGAF users and Eurogamer, hackers have discovered a new, simple exploit for changing PSN users' passwords.

The PSN's Web-based password reset service appears to have been compromised.

The exploit is reportedly done via the Web pages Sony set up to facilitate the mandatory password changes required in the wake of the three-week PSN outage. All that is reportedly needed to perform the exploit is a PSN user's e-mail address and date of birth, both of which are among the data that was reportedly stolen from all 77 million PSN and Qriocity users last month. The exploit reportedly does not affect those trying to change their passwords on the PlayStation 3 or PSP, both of which can still access the PSN.
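
An added example, not Sony's code and not from the original article (which does not describe the implementation): a sketch contrasting a reset check that accepts only an e-mail address and date of birth with one that requires a single-use, expiring token delivered to the account's mailbox. The class `ResetService`, its method names, the token lifetime and the sample account are all hypothetical.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumption: validity window chosen for this example


class ResetService:
    """Hypothetical account store; the account below is constructed sample data."""

    def __init__(self):
        self.accounts = {"alice@example.com": {"dob": "1990-04-01", "password": "old"}}
        self.pending = {}  # email -> (sha256 hex of token, expiry timestamp)

    def weak_reset(self, email, dob, new_password):
        # Knowledge-only check: e-mail and date of birth are static and, once
        # leaked, known to third parties, so they do not prove account ownership.
        acct = self.accounts.get(email)
        if acct and acct["dob"] == dob:
            acct["password"] = new_password
            return True
        return False

    def request_reset(self, email, now=None):
        # Returns the token to be e-mailed to the owner; only its hash is stored.
        # A real endpoint should answer identically for unknown addresses.
        if email not in self.accounts:
            return None
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.pending[email] = (digest, now + TOKEN_TTL_SECONDS)
        return token

    def confirm_reset(self, email, token, new_password, now=None):
        # The token is checked against the server-side record for this address,
        # so a guessed, expired or already-used token is rejected.
        now = time.time() if now is None else now
        entry = self.pending.get(email)
        if entry is None:
            return False
        digest, expires = entry
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if now > expires or not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[email]  # single use
        self.accounts[email]["password"] = new_password
        return True
```
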

The official story: Though Sony Computer Entertainment America reps had not commented as of press time, a moderator on the European PlayStation.com forums offered the following information:

"Hey Guys,

Please note that PSN sign in is currently unavailable for the following services:

PlayStation.com
PlayStation forums
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
All PlayStation game title websites

Unfortunately, this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance, and at present, it is unclear how long this will take.

In the meantime, you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."

Bogus or not bogus?: Not bogus that the PSN password reset page that PlayStation.com directs users to is "currently down for maintenance."

Meanwhile, Nyleveia.com has reportedly performed the exploit multiple times with multiple volunteers' PSN accounts. Several websites have also posted detailed instructions on how to perform the exploit, so this also looks not bogus.

[UPDATE] Later this morning, Sony Computer Entertainment America's senior director of corporate communications and social media Patrick Seybold confirmed the exploit--and that Sony was quickly working to fix it.

"We temporarily took down the PSN and Qriocity password reset page," said Seybold on the PlayStation Blog. "Contrary to some reports, there was no hack involved. In the process of resetting of passwords, there was a URL exploit that we have subsequently fixed."

He continued, "Consumers who haven't reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up." Sony offered no timeline as to when the sites will return.

Discussion

462 comments
TigusVidiks

I don't think there even was a hack. What's most troubling for me, is that after all that went through, and after all the promises of upgrading security, new firewalls etc etc from Sony, they keep failing so miserably in something so basic regarding security. I'm going to sell my PS3, since I can't trust it enough to play online with it.

RavenXavier

The hacks just keep coming and coming. Sony has really pissed off a LOT of people in the Hacker community. I doubt it will be anytime soon that all this gets smoothed over. Sony just needs to do whatever it takes to give the community (both players and hackers) the "features" they want and to return the features that have been removed since the PS3 launched so that the company can make more money. It all comes down to money in the end and Sony just wants to do whatever they want so they can maximize profits. They need to think more about their customers and less about their bottom line. It's not like they still wouldn't have more money than god if they added a few features back. Sony makes a lot more than just video games and video games only account for about 40% of their annual profit margin. They still make BILLIONS on other Sony things, like TVs and Stereos and everything else with a Sony logo on it.

maxwell97

This is just getting hilarious. Sony should issue mandatory Mickey Mouse ears to all their network "experts".

riariases

@shadow655 Really? You've gotta be playing. Re-read the whole conversation if you don't understand. I don't even know how to clarify to someone who doesn't have a basis of understanding for conversation. And I've never reported a single person on Gamestop. I leave that to the rats.

riariases

@shadow655 What do you mean I haven't given you a reason to? The reason you should be saying that is to prove your point in this debate. You saying you don't want to share this "killer feature" that makes Sony so much better than Microsoft just makes you sound like a bull crapper. And yes, I have played import games. Monster Hunter Portable 3 for PSP and Tales of Innocence for DS. MHP3 was good because MH games don't require lots of text and explanation, but games like Tales of Innocence do, which means I couldn't understand a thing about the game. So yeah, if you don't have any information to argue with, wtf are you still posting for?

shadow655

@riariases If that's what u think I can't stop u... The reason I won't tell u is because u haven't given me a reason to. Everything u said has nothing to do with what I know or what I think. And the import thing was just examples of a feature PS3 has... Also have u ever played an import before? There's games that r pretty easy to figure out and r fun as hell! Like A.C.E. R (Another Century Episode R)

riariases

@shadow655 No, you're not going into detail about it because you don't even know what you're talking about. You say you like Sony over Microsoft because Sony has something Microsoft doesn't. What? What does the PS3 have that the Xbox 360 doesn't? And I'm not just talking about online gaming or I would have mentioned how much better XBL is than PSN, but I didn't... until now. And region free gaming? Who the f*** cares about that on the Xbox 360? Every game that comes out for the 360 comes out all over the world (save like one or two titles). What are you trying to say? That all the good games coming out for the PS3 are only being released in Japan? Great, so you can import games and play through them even though you don't understand a thing.

LoatheMe

whatever you need to tell yourself to make yourself feel like a big man, kid. maybe if you keep screaming hard enough at your monitor what a REAL GAMER you are, someone will care.

shadow655

@LoatheMe Dude this is getting annoying so just stop! It's ok if u don't understand what it means to be a Real Gamer...no need to get so worked up about it.

shadow655

@riariases LOL!!! U don't see it do u! There's a lot u don't understand so I'm not going into detail about it... Not trying to insult u or anything... I own both 2 but it takes more than just owning them to see what I'm talking about. Also ur just talking about online, what about the many other features and region free gaming?

LoatheMe

shadow I think it's time you get mommy and daddy to give you your medication and lay you down for a nap. you're only embarrassing yourself.

riariases

@shadow655 "And I like Sony over Microsoft cause they have something Microsoft doesn't." Blu-Ray? No, no. Lemme guess... an unstable network? high piracy rates? Stupidity to challenge Anonymous, a hacking group notorious for destabilizing dictatorships and giant corporations, knowing that they had inferior network security? Really, they don't have that much right now. You could argue they have more/better exclusives than the Xbox 360 but I own both and their exclusives are pretty even. Killzone and Halo, Uncharted and Fable, God of War and Gears of War, Gran Turismo and Forza. They're all pretty damn equal.

riariases

-PSN hacked
-Sony Ericsson website hacked
-Sony Music website hacked
-77 million PSN users information compromised
-8 million Sony Music users information compromised
-All services shut down until further notice
-PSN users accounts being stolen
-Revealed: Sony used old online security software to minimize costs, jeopardizing millions of people's personal information
-Billions of dollars being lost due to server downage and Japan's natural disasters
-Sony investors opting out
-Stock prices decreasing daily and dramatically
-Decrease in software sales
-Decrease in hardware sales
-Complete termination in digital software sales due to PSN being down
-Sony screwed

LoatheMe

@shadow655 I didn't abandon anything. English clearly isn't your strong suit. I said what I meant and if you can't follow it, that's not my problem. I'm not here to answer your stupid questions and have no interest in playing your childish "let's compare our video game dicks" game (a metaphor that I'm sure will be completely lost on you, but oh well.) and have no idea why you would possibly think I would. I already said all I have to say to you. Get over it and go ahead and get back to your embarrassing little pro-Sony rants on an article no one's reading anymore so I don't have to keep getting messages about your idiotic replies.

shadow655

@LoatheMe it's funny how u were completely wrong about me... Remember this... "you're a "real gamer" because you play the exact same games on a different system you have more brand name loyalty to? well...good luck with that." and now u completely abandoned it... for this... "oh man. so I won't get to hear some random guy on the internet brag about his asinine delusions of video game elitism for the millionth time? what a shame." ??? I'm not going to explain it to u but I'm going to ask u this... What do u think it means to be a Real Gamer...?

linksfire

Sad thing about it is... I'm not surprised anymore. lol.

sieg6529

Wow, I'm glad I took my CC info off my account. I think I will ask my bank to change the number too.

SIDEFX1

@JurgenR he won't help you

chaos269

What the hell is wrong with Sony, even myself if I was in charge, I would have thought of all of this and it's basic things, those programmers over there and the IT Support at Sony aren't even doing their jobs properly and still getting paid for it while we suffer, this is ridiculous.

supertom221

Yet another failure by SONY. At this point, I'm not even LOLing. Just disappointed.

LoatheMe

@shadow655 oh man. so I won't get to hear some random guy on the internet brag about his asinine delusions of video game elitism for the millionth time? what a shame.

shadow655

@LoatheMe Actually I play imports as well as exclusives and cross games so pretty much everything. And I like Sony over Microsoft cause they have something Microsoft doesn't... And to explain why I'm a Real Gamer to someone like u is a waste of my & your time cause someone like u can never understand or want to understand something like that. I'm saying that cause I highly doubt u would even hear me out. Even if u did u wouldn't even understand. Thanks! but I don't need luck!

QOSMSTR

Can they do anything right?

Reyveign

@BIGwitchwoman Go to Amazon.com and make a search for "Sony Playstation Network Card". They can be bought at a handful of retailers (check Sony's website, I'm sure it says). No credit card or personal info required. Once their store is back up, you use the code on the card to redeem the amount you purchased.

the_requiem

I think this shows A) Sony doesn't care about security, or B) they need to fire their entire IT Security staff. After one of the biggest security goof-ups they make some of the most basic mistakes, AGAIN. @parkurtommo: For the same reason there are security mailing lists that explain in detail how an exploit works... so that the ones in charge can come up with a fix. Not to mention, ease of exploit is more often than not indicative of poor programming/security practices.

RockEmo17

It can get any worse when my Mom catches me watching illegal videos or porn

gbrading moderator

Can it get any worse? :(

Zerabp

This wasn't a "hack", while Anon did the hacking no one but whoever coded the website can take credit for this exploit, and I highly doubt it was intentional. Few people like to sacrifice their livelihood to screw over the innocent, though it does happen...

bluespire1

This absolutely continues to suck!!!!!!

parkurtommo

Are these websites who are posting detailed instructions on how to perform the exploit anarchists or something? Why would someone do that without having the intention to make things worse?

shadowwolfz

Yet again, I don't get how those websites have found a way to exploit us again and somehow the police or the moderators aren't doing anything about it and are letting the rumor of "how to do it" spread. I have loved Playstation 3 since it first came out. I have trusted it. But now that it has been hacked. I might speak for a lot of people, but we are losing our trust in Sony and Playstation Network. Also I am starting to believe that the Anonymous Person who hacked PSN will never be found. Although most hackers just hack to gain levels in games or to stop everyone from doing things on some games, the others just hack to see our faces and watch us in our disappointing loss in trust for that thing that was hacked. So I am still really upset and I am starting to realize that using your credit card on online websites or online gaming is dangerous. I have deleted my credit card information and hoped it was not too late. Also I have really been disappointed since I have been a die-for fan of Sony for a long time now and this just crushed it all into pieces. I am still going to use it, but not trust it as much as I did anymore. I honestly hope that the hacker is going to be caught and Playstation Network will be safe again.

Spartan_418

As much as we all blame Sony, no network is truly impenetrable. This was Anon's doing. "Anonymous is legion, it does not forgive, it does not forget, expect them"; this time they just took that concept way too far. Stealing the account info for 77 million people isn't going to discourage Sony from tightening their iron grip on the PS3, this hacking will have quite the opposite effect.

bg509

because us live players pay for our online, we're more or less protected from outside hackers... how many playstation users can honestly admit they've switched to or tried live at any time during the 20 plus days this has gone on for? you get what you pay for.. plain and simple : D

BIGwitchwoman

This sounds like a systematic attack which has been planned from day 1. WHAT do they plan to attack next???? On another subject I am very wary of giving my new cc details to Sony again! Is there any way we can purchase credit for our PSN from a games shop instead?

FarmFreshDX

One security breach is bad enough, I can understand how it would happen and I respected Sony for their handling of it. This is just bad. Completely over-the-top insane. It's going to be hard for anyone to trust Sony anymore. Even the most hardcore fanboys will have doubts.

simardbrad

Sony needs to fire its online network staff. They are very incompetent.

jackhole_88

Come on people, think about it before you start typing. The hacker will try and hit Sony over and over because they think they are doing the right thing on the defense of one moron that posted his hack. Plus has anyone been reading the articles stating that Sony is doing their comeback in phases? Gaming part is back. Think about it people, do you really want Sony out of the gaming picture and let Microsoft and Nintendo fight it out on the next console war? If this does come about Microsoft will get lazy with their games and throw out crappy titles just like when Sony was on top with the PS2. These 2 companies need one another so there will be top notch games on both systems.

jmpittman0220

This is pretty much it for me. No more PS3 online. Sony has lost my business. No Xbox, no PS3, I'm gonna have to go PC cause Nintendo can't make a real system anymore. Gaming these days is so low quality. If only Rockstar made a system...

HappyBB

Talking about the irony here.

holhardy

I can't help but to laugh.