Sony’s new PlayStation Network security measures have apparently been circumvented just days after the service reboot.
A new exploit supposedly enables attackers to change other users’ passwords via the PSN password reset page members are forced to access when they first reconnect to the online service.
Attackers can apparently reset the password themselves using data that was compromised in the initial attacks on the PSN, such as email adresses and dates of birth.
The official PlayStation EU Twitter account says the web-based password reset page has been taken down for “maintenance”, though you can still log on throught your PS3 itself.
In an update on the EU PlayStation forums, Sony said:
“Please note that PSN sign in is currently unavailable for the following services: PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client, all PlayStation game title websites.
“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take.
“In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”
It seems we’re not quite out of the woods yet.
Thanks to nyleveia for the info.