posted on: Fri, 05/20/2011 - 23:24
News made it to the internet that Sony had to take the PSN offline one more time after hackers found an exploit in the mandatory PSN password reset system, allowing them to change passwords for any account without its owner’s knowledge.
On the official PlayStation Blog Sony confirmed the incident but insisted that “contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”
But the truth is more embarrassing than hackers finding an exploit in a newly secured system. In fact, the URL exploit Sony mentioned was nothing more than some Sony websites which allowed PSN users to reset their passwords just by entering their email and date of birth – both of which were available unencrypted in the data stolen in famous PSN breach.
Needless to say, Sony fixed that “exploit” by taking those pages offline. In the meanwhile if you get an email notification about your PSN password being changed, don’t waste time before contacting Sony if it wasn’t initiated by you.
Article from: http://www.megagames.com/news/sony’s-website-allows-hackers-change-any-psn-password
News made it to the internet that Sony had to take the PSN offline one more time after hackers found an exploit in the mandatory PSN password reset system, allowing them to change passwords for any account without its owner’s knowledge.
On the official PlayStation Blog Sony confirmed the incident but insisted that “contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”
But the truth is more embarrassing than hackers finding an exploit in a newly secured system. In fact, the URL exploit Sony mentioned was nothing more than some Sony websites which allowed PSN users to reset their passwords just by entering their email and date of birth – both of which were available unencrypted in the data stolen in famous PSN breach.
Needless to say, Sony fixed that “exploit” by taking those pages offline. In the meanwhile if you get an email notification about your PSN password being changed, don’t waste time before contacting Sony if it wasn’t initiated by you.
Article from: http://www.megagames.com/news/sony’s-website-allows-hackers-change-any-psn-password
