MCV/DEVELOP News, events, research and jobs from the games industry
A new security flaw has been exposed in a process that resets PlayStation Network passwords, according to reports.
An increasingly known exploit allows unauthorised users to change other people’s passwords via the PSN reset web page.
The extraordinary revelation marks another damaging PR fumble for Sony as it tries to restore its reputation as a security-focused company.
The ‘hack’ can be performed, it is said, using only a PSN account email and date of birth.
These two details were compromised during the original PSN breach in April, though such data is not typically secretive either.
Sony today made PSN sign-in unavailable on a number of its websites, including PlayStation.com and the PlayStation forums. At the time of writing the password reset page appears to be down.
The hack was first exposed by Nylevia.com, while Eurogamer now claims to have verification of the hack’s authenticity.
"Those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," Sony said.
"This is due to essential maintenance and at present it is unclear how long this will take.
"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
Sony later clarified that the exploit "doesn’t affect PSN on consoles, only the website you click through to from the password change email."
