PSN is back up, but Sony's servers are still not secure
Reports indicate that Sony still does not have its network fully secure: an exploit is now available that allows someone to reset another user's account password with only an e-mail address and date of birth. Because this data is now publicly available following the previous hack of the PlayStation Network, millions of users are again at risk.
The issue, first reported by gaming blog Nyleveia late Tuesday, shows how stunningly insecure Sony's servers just may be. Details of the vulnerability were released to the Japanese company before being publicized.
Several other gaming sites have tested the vulnerability and confirmed its authenticity. The recommendation is to immediately change the e-mail address on the PSN account to one not used anywhere else, as protection against the flaw.
Sony took down several network sites about 15 minutes after receiving details of the vulnerability from Nyleveia, the blog reported. It said it also had more detailed information in its tweets and stories, but is not releasing it in an effort to prevent widespread exploitation of the flaw.
In its own defense, Sony responded and stressed that the discovery was not another hack of its servers.
"We temporarily took down the PSN and Qriocity password reset page," senior director of corporate communications Patrick Seybold wrote in a blog post. "In the process of resetting of passwords there was a URL exploit that we have subsequently fixed."
If accurate, that would mean the hole has been closed, but some accounts may still have been at risk during the period that the exploit existed. So while the exploit itself was not a hack of Sony's servers, someone may well have hacked individual accounts using that flaw.