PSN website sign-ins disabled after users identify potential exploit [update]
Call it another "hiccup" in Sony's bumpy road to getting the PlayStation Network back up and running, securely: The company has disabled PSN sign-in access on its PlayStation-related websites for "essential maintenance" purposes.
"Clarification: this maintenance doesn't affect PSN on consoles," tweeted PlayStation Blog EU this morning, "only the website you click through to from the password change email." A follow-up tweet added, "We'll let you know as soon as the landing page is back online."
Although Sony has yet to specify the reason for the maintenance outage, the action follows users' discovery of a potential exploit of the PSN password change function on Sony's websites. UK gaming news site Nyleveia was the first to sound the alarm when it warned, "A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account's email and date of birth."
In actuality, it was not so much a "hack" as it was a critical oversight by Sony, which had not changed the PSN password reset method on its websites when it began to partially relaunch the service last weekend. Any website user, nefarious or not, needed only to provide a PSN account's associated email address and the account holder's date of birth to change the password -- information that was stolen by hackers during the PSN breach last month.
Needless to say, if you have received an email confirming your PSN password has been changed (and you didn't change it yourself), you should contact Sony. For now, the password reset function has been disabled on Sony's websites.
"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," Sony said in a statement posted by Eurogamer. "This is due to essential maintenance and at present it is unclear how long this will take."
Update: Sony has issued a statement on PlayStation Blog, describing the issue as "a URL exploit that we have subsequently fixed." The company adds, "Consumers who haven't reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."
