PSN Web Site Sign-Ins Exploited [Updated]

Sony takes down all web site sign-in pages due to security issues. Just when you thought it was safe to go back in the water....

 
UPDATE: Sony has issued the following statement via the PlayStation Blog: “We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.” They also encouraged users to update their passwords via their PS3s now, or to do so later once the web sites are back up. At this time, Sony is either unable or unwilling to provide a timetable for their return.

ORIGINAL STORY: Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.

They told us it was fine now. Good ol’ Kaz said he was sorry. He urged us all to jump back online and have fun again. He even offered us a sack full of free downloads. And then this happened.

An exploitable glitch allows for hackers to easily change your web site passwords and access your accounts — using nothing more than your e-mail address and date of birth. Apparently, the publisher failed to update things on the web site end before restoring the system on Sunday. Sony responded by disabling sign-in for all of its PlayStation and game related web sites. Wow.

I’m imagining that Kaz reacted somewhat like Lando in Empire when he heard the news: “They told me they fixed it! I trusted them to fix it! It’s not my fault!” All kidding aside, this is terrible news for Sony and its customers. Just days after being assured that increased security measures would provide sufficient protection for users, we now find out that some accounts have undoubtedly been compromised again.

The EU PlayStation Blog had this to say via Twitter: “Clarification: this maintenance doesn’t affect PSN on consoles, only the website you click through to from the password change email.” Another tweet read: “We’ll let you know as soon as the landing page is back online.” Nothing has been posted to their blog proper; instead, there’s a story about the Resistance 3 cover art being unveiled. Clearly, Sony was excited to put the whole thing behind them and get back into the swing of actual game talk in the lead-up to E3.

The site that users are directed to go to in order to change their PSN passwords has also been disabled. Since changing it was mandatory for anyone to get back into the restored PSN, anyone who hadn’t yet changed it is once again unable to play Sony games online. “Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being,” Sony said. “This is due to essential maintenance and at present it is unclear how long this will take.”

Those who had actually already changed their password should double check that it hasn’t been altered by a hostile third party. Since you can’t change it again at this time, your only play as of now is to contact Sony.

[Sources: PlayStation Blog, Eurogamer, Nyleveia and EU Playstation Blog on Twitter]

[Image courtesy of Crazy Engineers.]

Nick Santangelo
Nick Santangelo
Nick Santangelo

MASH Veteran

Nick has been a gamer since the 8-bit days and a member of the MTB editorial team since January of 2011. He is not to be interrupted while questing his way through an RPG or desperately clinging to hope against all reason that his Philly sports teams will win any given game he may be watching. Seriously folks, reading this acknowledges that you relieve MTB of any and all legal liability for his actions.

The Latest from Mash