Exploit Allows Hackers to Reset PSN User Passwords

Exploit Allows Hackers to Reset PSN User Passwords


Attacks on Sony continue with exploit in PSN password reset page

The good news is PlayStation Network is still up and running. The bad news is that hackers have once again made Sony their target, exploiting a glitch in the PSN password reset web page that allowed them to reset other users' passwords and potentially hijack millions of accounts.

Sony confirmed this morning that it suspended signing in to PlayStation.com, Qriocity, and the PlayStation forums and it has taken down the PSN password reset web page as it investigates the issue.

According to various reports, the exploit allowed anyone to reset another PSN user's password by simply inputting their username and date of birth -- the very information that more than 77 million PSN users had stolen in April. It's unclear at this point how many users -- if any -- were impacted by the exploit.

Gaming site Nyleveia broke the news, reporting that: "Despite the methods currently employed to force a password change when you first reconnect to the PlayStation Network, your accounts still remain unsafe. A new hack is currently doing the rounds in dark corners of the Internet that allows the attacker the ability to change your password using only your account's email and date of birth. It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real."

Eurogamer verified the exploit, and in response to the news, Sony announced via its Twitter account it suspended sign-ins and took down the PSN password reset page due to "essential maintenance."

Responding to questions about the exploit, Nyleveia started a Q&A in which it stated: "I would suggest that everyone, regardless of if they have been affected or not, create a new password and change their account email to one they do not use anywhere else, and will not be sharing with anyone else just for additional security."