Password Reset Problem Derails PlayStation Network

Sony was forced to shut down their PlayStation Network and Qriocity password reset pages today, just days after they finally brought the gaming platform back online following nearly a month of outage stemming from an “external intrusion.”

In a post on the PlayStation blog, Sony is quick to reassure customers that “contrary to some reports,” no one has hacked anything, but rather that in the process of resetting everyone’s passwords, there was a URL exploit which they have since fixed.

Initial reports came from Nyleveia.com, claiming that an exploit existed in the PSN and Qriocity password reset site that would allow anyone to reset a given PSN account password. That would in essence allow anyone to take control of that account, knowing only a person’s email address and date of birth, both of which are pieces of information that were exposed in the PSN breach.

“While we originally assumed this was a poor hoax designed only to stir the community into another frenzy, the individual who we are in contact with requested just two pieces of information from us: this being an account email and the date of birth used for that account,” the report says. “We promptly created a new account via us.playstation.com and provided the individual with the email address and date of birth used. Roughly a minute later they requested that we try to login with the password we used for the account (which they did not know at any point), and sure enough, we were presented with an invalid username and/or password prompt.”

Eurogamer claims to have video evidence verifying this.

Neither site claims that Sony was hacked, so to speak, but rather that a vulnerability existed through which PSN user accounts remained unsafe. Nyleveia’s report did say, however, that if the issue wasn’t resolved and more people became aware of this exploit, it was likely that users’ accounts would be stolen.

Interestingly, when Sony began the process of restoring the network, Japanese authorities were skeptical about whether the online gaming platform had indeed resolved all of its security issues, and kept the network down as a result. As of today, according to a report from PCWorld, the PlayStation Network remains offline in its native country.
