Sony just can’t seem to stave off negative headlines these days. Just 5 days after PSN services started to be restored throughout the world another nasty exploit has been uncovered allowing hackers to change your PSN account password. The exploit was discovered by Nylevia last night and confirmed quickly by NeoGAF.
It was found that the web based password reset system on sites like Playstation.com and Qriocity.com will allow someone to change any account password if they know two simple pieces of information; the email address associated with the account, and the date of birth of the account holder, you know, the information that was stolen in late April when hackers first breached the PSN. On the plus side you’ll get an email informing you that your password was reset.
Sony responded to these reports by taking down all PSN web based login systems. Right now Sony has given no estimated time for this issue to be fixed. The only thing Sony is saying is that PSN services won't be impacted by this downtime.
"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," said Sony. "This is due to essential maintenance and at present it is unclear how long this will take. In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
While it is positive that these troubles won’t impact PSN services it is uncomfortable, to say the least, that Sony is continuing to have issues with their online security. This has gotten so bad that Nylevia is recommending to maintain a separate email address specifically for use with PlayStation services. The very idea of maintaining an email address for one account is absurd but it really seems necessary at this point.
This new issue has effectively killed much of the positive momentum Sony has been building since they started bringing PSN services back online last week. With the Electronic Entertainment Expo (E3) only a few weeks away, Sony is putting themselves in the position where much of their press conference during the event will have to address these various security issues. Sony is effectively going into one of the largest industry events of the year in damage control mode instead of creating consumer excitement for future products and games.
Hopefully Sony can address security concerns and strengthen all parts of their network against future attacks. Despite their efforts to improve overall network security they are one company who many will never again trust with their personal and credit card information.
