PSN: Password Reset Page Exploit Mars Smooth Restoration of Service

Less than a week after restoring its PlayStation Network and Qriocity services, Sony temporarily took down the password reset pages to fix a vulnerability that allowed hackers to change a user’s password if their birthdate and e-mail address were known. These data were among the pieces of information believed to have been obtained by the attack last month.

There has been no known effect on Sony Online Entertainment and by extension EverQuest II, however this new problem has players nervous that Sony has not taken appropriate steps to lock down the most critical points of attack such as the Password Reset page.

“We temporarily took down the PSN and Qriocity password reset page,” Sony spokesman Patrick Seybold said in an update posted at the PlayStation blog.

“Contrary to some reports, there was no hack involved,” he explained. “In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”

“Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3,” Seybold said. “Otherwise, they can continue to do so via the website as soon as we bring that site back up.”

Sony shut down the PSN and Qriocity on April 20 after its data centre in San Diego was hacked — but it did not reveal the breach until April 26. The entertainment and electronics giant began restoring Playstation Network services on Sunday and promised that defenses had been hardened. The Japanese multinational estimated that the cyber attack cost the firm $1 billion.

Sony Online Entertainment services were taken down on May 2nd and weren’t restored until early Saturday May 14th.

With reporting from AFP via Yahoo