May 18, 2011 weblog
Sony PlayStation Network hacked again by resetting user passwords
News of this third attack first appeared on Nyleveia.com which warned users that their accounts are still not safe. According to Nyleveia.com the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.
Sony has since then blocked PSN login access to a number of its site, and the PSN password reset site has also been taken offline. The company has stated: unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being.
Sony went on to say, "in the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
According to Nyleveia.com website: I would suggest that you secure your accounts now by creating a completely new email that you will not use anywhere else, and switching your PSN account to use this new email.
"You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account's email is one that cannot be affiliated with or otherwise traced to you."
It would seem that Sony has a lot more work ahead of them. Their customers are going to less likely believe them when they say that their network is now secure.
© 2010 PhysOrg.com