Sony PlayStation Network logins exploited again

By on May 18, 2011, 12:00 PM

Update: Sony has fixed the flaw. "We temporarily took down the PSN and Qriocity password reset page," a Sony spokesperson said in a statement. "Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."

Sony's PlayStation Network (PSN) password reset system has suffered from an exploit that allows attackers to change your password using only your PSN account email and your date of birth. This information was compromised in the original PSN hack on April 20, 2011, so whoever has the data from Sony could in theory reset any of the captured users' accounts simply by entering the details they stole.

Nyleveia was first contacted about the security breach by an unknown individual. The site at first believed it was a poor hoax designed only to stir the community into another frenzy, but decided to create a test account to verify the claims. After giving the individual the account email and the date of birth used for the account, a minute later the contact had successfully managed to change the password. It's important to emphasize that the person did not know the old password. Once the security hole was confirmed, Sony was given a detailed description of how it works.

After being notified of the flaw, Sony took down the PSN sign-in page for a number of its websites just 15 minutes after responding to the warning. This means the website that password reset emails direct users to is now down (as shown below). This "maintenance" doesn't affect PSN on consoles, only the website that users need to access to change their password and thus get back onto PSN.

"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," a Sony spokesperson said in a statement. "This is due to essential maintenance and at present it is unclear how long this will take. In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."

The exploit in question works despite Sony forcing you to change your password when you first reconnect to PSN. An attacker can change your password using only your account's email and date of birth, so you should create a new email address that you will not use anywhere else, and switch your PSN account to use this new email.

Unfortunately, you won't be able to do this until Sony puts the webpage in question back up. Let's hope that Sony manages to fix the exploit in a timely manner. Further details on the security flaw will not be released until Sony patches it.
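The design weakness described above (a reset authorized by email and date of birth alone) next to a reset that requires a token delivered to the account's mailbox, as an added example that is not from the article or from Sony. It does not reproduce the actual flaw, whose details the article does not give; the class and method names and the 15-minute expiry are assumptions.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed policy)

class ResetService:
    def __init__(self):
        self.users = {}    # email -> {"dob", "password"}; plaintext only to keep the sketch short
        self.pending = {}  # sha256(token) -> (email, expiry); the raw token is never stored
        self.outbox = []   # stands in for the mail system: (email, token)

    def add_user(self, email, dob, password):
        self.users[email] = {"dob": dob, "password": password}

    # Weak flow: knowing the email and date of birth is enough to set a new
    # password, so leaked account data is as good as the old password.
    def weak_reset(self, email, dob, new_password):
        user = self.users.get(email)
        if user is None or user["dob"] != dob:
            return False
        user["password"] = new_password
        return True

    # Hardened flow, step 1: the request only sends a random token to the
    # account's mailbox; the response is the same whether the account exists or not.
    def request_reset(self, email, now=None):
        now = time.time() if now is None else now
        if email in self.users:
            token = secrets.token_urlsafe(32)
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (email, now + TOKEN_TTL)
            self.outbox.append((email, token))
        return "If the account exists, a reset link has been sent."

    # Step 2: the password changes only for the account the token was issued
    # to, only once, and only before the token expires.
    def complete_reset(self, token, new_password, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # single use: removed on first try
        if entry is None:
            return False
        email, expiry = entry
        if now > expiry:
            return False
        self.users[email]["password"] = new_password
        return True
```

In the hardened flow the email and date of birth never authorize the change; the target account is taken from the server-side token record, not from anything the requester supplies.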




User Comments: 31

St1ckM4n said:

HAHAHAHAHAHAHA!

bielius said:

HAHAHAHA! lol'd So badly!! I expected that after a week or so, but i was wrong DDDD

insect said:

st1ckm4n said:

HAHAHAHAHAHAHA!

TomSEA, TechSpot Chancellor, said:

One step forward, three steps backward. Unbelievable...

Proofix said:

DIE DIE DIE!

Cueto_99 said:

Sony hasn't understood that it is not a security problem they have... it's a philosophy problem... many more companies probably have worse security holes than Sony, but because of Sony's stubborn stance against the community and "piracy", look at the mess they've got themselves into... I say, this won't be solved with more security measures, those will always be breached... this will be solved when they realize the PS3 owner is its buyer....

Guest said:

Keep attacking them! We can get rid of this dirty company once and for all.

I can't wait to see this quarter's losses BWAHAHAHHA

trparky said:

I can't help but to be laughing about this. Who do they have working at Sony as system developers? Whoever they are, they need to be fired... yesterday.

This is the beginning of the end for the PlayStation gaming console.

Guest said:

Reading the headline made me laugh out loud. HAHAHA

Guest said:

I hear Sony are doing it for the lulz

Guest said:

yeah it's not about security and patching... it seems that hacking them over and over is a sport like with other organizations (FBI, NASA) so... until they don't stop their greedy actions I think this won't end... just imagine that? this is gonna be fun cuz we are in the middle of a digital revolution.

yowanvista said:

Sony asked for it, now they got it...

gwailo247, TechSpot Chancellor, said:

This probably illustrates the problems of being a large corporation.

I would not be surprised that like with many tech gaffes of recent years that some low level hands on person brought this to the attention of their boss, but at some point it reached the level of someone with more worry about bringing the system back online than technical knowledge who ignored it and gave the green light.

It could be that they hired complete incompetents, but I'm willing to bet that this whole debacle came out as a result of business vs technology battles within Sony, with business considerations coming first. They probably read headlines that a few crackheads who cannot live without COD for 24 hours went to buy an XBOX to get their fix in, and translate that to everyone is going to trade in their console and games (at a huge loss), so they decided to put PSN back online, ready or not.

Guest said:

Really the end of the PS3 ?

I have a PS3, Xbox360, Wii, and PC.

Now I would probably only use my PC if I could get console games on the PC that weren't shoddy ports and had full support to use the controller of my choice, PS3 or Xbox. It would be decided by the game or genre probably. But unfortunately this is not the case.

But when it comes to Consoles, the PS3 has always been in my eyes the better and clear winner.

The Xbox was underspecced, it wasn't next gen, it was an Xbox with a few upgrades. I can't say the PS3 is exactly next gen either but it was miles ahead of the Xbox.

But it was too expensive ? Really? STFU!? M$ made a box of crap that broke down time and time again, and to prove how dumb its customers were, many bought replacements, I read of one guy buying his 7th... a fool and his money ...

Not only was it rubbish wrapped in crap plastic, but if you wanted rechargeable pads, and HD movies... you paid out. £150 for the UK external HDDVD player. A rip off, in rip off Britain. To make it as good as the PS3 you paid at least the same if not more.

But HALO 3. HALO REACH. GEARS OF SNORE. Got them and they ain't that fab. Halo 1 is still the best. HD that badboy for me kthx!

They do that these days, HD old classics to make new money outta old tat. Wouldn't Halo 1 be worth seeing all sauced up ?

Back to topic... So Geohot wanted his Linux back. Fair Enough. The hack...well if you're going to leave ya pants down and bend over, ya gonna get shafted by some opportunist with an evil lust. But do I care as a PS3 owner ? Not really. Google has many people's data, and cloud servers are all gonna come out and everyone will soon be in the same boat screaming at another company for having been exploited and leaked data all over the floor and on ya brand new birkenstocks. Rugmunchers. You fix one hole in Windows you make 3 more, same for any system it seems.

Seems to me there are too many Fat cry babies out there incapable of kicking a ball, taking a bike ride. If you can't live without online gaming (and there are single player options in the menu boys and girls), then you need some help. Especially those who apparently traded in for the Xbox.

Bob Dylan The Beatles .... Hippies. There were movements against the system before. Greater causes mind. Nothing so petty as "I gots no Linux option, but im uber 1337". Kids should be taught English again and shot in the face for using crap speak in schools / public. What am I thinking. All these fat whiners don't go out in public. Right ?

Sony don't really deserve this over their complaints of piracy. They are meant to ***** about piracy. TOMSEA will tell you how piracy is evil. Not how for decades companies like Sony have always moaned that each new data storage medium is all about piracy and must be stopped. Yet they then embrace it, and make a fudge load of money out of its customers. And digital data is no different. Maybe it's because the net is global, and with Sony's track record of things on the net, they have realised that digital piracy is out of their control and they don't see how to embrace this one to make bank. Which they have already. Divx players, MP3 players. And these things changed how we buy music, that one good song instead of an album where the rest sucks. This is progress, progression, evolving, adapting.

Sony will sort this out, they will adapt and survive or, make the same mistakes again til they are crushed. But quite frankly this whole thing is one media farce that with time will be forgotten. It's not Pearl Harbour or Hiroshima, or Jurassic Park. Return to your simple lives, just forget this ever happened. Forget, fooorrrget.

Guest said:

As in many fields this type of shyte happens when the people making the decisions are so far removed from the process and actual knowledge of the "business" that they are in.

Guest said:

Nice peek into their new security setup. [sarcasm]Looks like it was money well spent.[/sarcasm]

Guest said:

Cool! More free stuff!!!

Staff
Per Hansson, TS Server Guru, said:

Hahahaha, Sony

-You never cease to amaze me!

I literally laughed out loud, that's not so common for me personally

treetops said:

Though sony should not have antagonized the hackers, they still shouldn't be punished for there views. Really if you don't like there policies don't buy there product. And that geohot guy was in it for the glory I don't get why anyone is defending him, he could have easily released the codes without putting himself in the spotlight.

I know corporations have lobbyist to get there way, but isn't this sinking to there level? The truth is most people don't care about Sony's product policy, interpretation or execution of the law. These hackers are not representing the people but a small minority of extremists.

I admired these hackers at first but forcing there ideas on other is exactly what sony was doing with there policy. However sony clearly states what you can and can't do. These hackers randomly lash out on a whim. Again no one is forcing you to buy sonys ps3.

Klaus K said:

Probably hackers have installed a nasty trojan on Sony's computers something very powerful like Stuxnet was and Sony can't find it, they really get into trouble with this one as it seems.

Guest said:

Poor Sony! Is this the beginning of the ending?

Cota said:

Klaus K said:

Probably hackers have installed a nasty trojan on Sony's computers something very powerful like Stuxnet was and Sony can't find it, they really get into trouble with this one as it seems.

I doubt they had to do that, they may just have been googling "hack SONY PSN" and the result gives a direct link to SONY PSN servers xD

Guest said:

@treetops:

http://dictionary.reference.com/browse/there

http://dictionary.reference.com/browse/their

http://dictionary.reference.com/browse/they're

They're going to be there and they're coming in their car.

Guest said:

@ Guest 2:16PM

Dude, chill, you can't deny that the PSN has lost an awful lot of face because of these attacks.

You also shouldn't bastardise 'Gears of Snore' in defence of a console whose prime shooter exclusive is the appalling Killzone, each iteration of which has been aged and creaky before it came out. I'm not arguing PS3 has worse games, simply that a PS3 cannot claim the exclusive-shooter high-ground.

The inevitable breaking XBox is BS as well: I and a friend both bought day1 360s. No RROD in 10 combined years of use.

You also shouldn't claim that the 360 was not nexgen over an XB1: three times as many cores running six times as many threads, across the board more powerful GPU, more/faster V/RAM, better ergonomically etc.

The same goes for PS3, a seven core beast with plenty of power, though aesthetics and ergonomics left a fair bit to be desired at launch - I've never been able to properly grip PS controllers, too small and light, N64 FTW

Both consoles were definitively Next Generation upon release and as far as PS3 being a clear winner, I thought so too at the time, but time has shown neither can really take the lead GFX wise since both are VRAM limited to exactly the same extent.

Also don't talk about the HD-DVD, it's history now, just be glad that this time Betamax won

Emin3nce said:

Guest said:

Really the end of the PS3 ?

I have a PS3, Xbox360, Wii, and PC.

Now I would probably only use my PC if I could get console games on the PC that weren't shoddy ports and had full support to use the controller of my choice, PS3 or Xbox. It would be decided by the game or genre probably. But unfortunately this is not the case.

............. .. blah blah blah blah

Sony will sort this out, they will adapt and survive or, make the same mistakes again til they are crushed. But quite frankly this whole thing is one media farce that with time will be forgotten. It's not Pearl Harbour or Hiroshima, or Jurassic Park. Return to your simple lives, just forget this ever happened. Forget, fooorrrget.

TL;DR - Sony Sucks, always have and always will. gg.

Guest said:

@ Guest 2:16PM

I'll say it for you, Sony sucks.

Kibaruk, TechSpot Paladin, said:

Trololo HO HO HO!

Guest said:

Owning a PS3 and having potentially been a target of these hackers, I still think Sony deserved this for their arrogance. They needed to be humbled.

Guest said:

I won't forget the DRM Rootkit Sony inflicted upon the world, including Mac & PCs...

http://www.bing.com/search?q=sony+rootkit&FORM=IE9SRC

It's sad to see a brilliant company known for its hardware excellence designs, go down in flames just because of totally inept management.

Well somebody is responsible for heading the Sony Corporation?

Sony was great when it was run by Japanese people. Now it's asinine British and German management, who royally screwed up everything, in the pursuit of greed and immediate profits.

I only purchased a PS3 as a bluray disc player. Well I enjoy GranTurismo 5 and driving the Lexus LF-A at over 300Mph...

But for serious gaming, I use an i7 12GB DDR3 overclocked with (2) GTX580 FTW Hydro-Copper2 @850MHz GPU core liquid cooled. Just the 2 video cards consume 84Amps @ 12V.

Consoles are just what they are. A mere $200 toy. With a low-power supply and corresponding low computing power.

I also have a xbox first gen modded to Linux, as well as PS1 PS2 and PS3.

Serves them (Sony) right.

-- WinTard

~~~~~~~~~~

We should never be allowed to forget that it is the customer who, in the end, determines how many people are employed and what sort of wages companies can afford.

~ Lord Robens

There is only one boss. The customer. And he can fire everybody in the company from the chairman down, simply by spending his money somewhere else.

~ Sam Walton

PinothyJ said:

It's like watching a daddy long-legs trying to dance the tango...

Guest said:

Well I have never seen so many foolish comments on this web page.

It must be kiddie / hate the console hour ?!?

Sony is a business that is . . . wait for it . . . important to the economy.

Chances are that Sony will outlive the USA in any case. No more dumb fat kids commenting on things they know nothing about - what a relief that will be !
