Sony forced to close PSN security ‘loophole’ following relaunch
The company told all customers to reset their passwords as a security measure when it relaunched the Network (PSN) but was soon warned by technology bloggers that those who made the change via email were vulnerable to further attack, possibly by the same cyber criminal responsible for the original assault which took PSN down last month.
Sony, which reportedly fixed the problem overnight, required customers who want to change their passwords to provide their email address and date of birth. However, in the case of many PSN members, that information was compromised in last month’s leak and may still be in the hands of the original hacker, leaving those users vulnerable to unauthorised password changes.
A Sony spokesman said the password reset function was disabled “within 10 minutes” of the company receiving warnings of the vulnerability, which was first reported by technology website Nyleveia.com.
He added that any user whose password is changed will automatically receive an email notifying them of the modification. “If any customer receives such an email unexpectedly, they should ring Sony and report it,” he said. He denied that the service had “been hacked” as there is “no evidence that information has been lost” and said that the attack could be carried out by “anyone with access to a user’s email address and date of birth; a friend playing a joke, for example”.
A statement released by the company read: “Unfortunately this… means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being.” It is unclear how long full restoration of the service will take.
Twitter: @KevinJRawlinsonTagged in: online security, playstation, PSN hack, Sony
Recent Posts on Science & Technology
Latest from Independent journalists on Twitter