This is getting (more) ridiculous. Not even two days after Sony restored its embattled PlayStation Network for most users worldwide, cyber criminals have once again launched an attack, this time going after the PSN’s password reset system. In order for users to reconnect to the PSN, they were required to reset their passwords. You know, for security reasons…
News of this third, most recent attack were originally reported on Nyleveia.com, which warned PSN users that “accounts are still not safe.”
“I want to make this clear to ALL PSN users. Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe,” writes Nyleveia. “A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth. It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real.”
Following the Nyleveia post there was, in fact, some doubt that this was real. But further tests by Eurogamer proved that the breach was real, which caused prompt action from Sony. In response, the company has blocked PSN login access to a number of its site, and the PSN password reset site has also been taken offline.
Sony responded to the new attack, saying: “Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being.”
“This is due to essential maintenance and at present it is unclear how long this will take,” Sony added. “In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”
Fortunately, this round of breaches isn’t actually a “hack” in the true sense of the word — at least not if you want to be a stickler about it. The previous attacks on the PSN were true hacks in that someone broke into Sony’s network, and stole nearly 13 million credit cards, and the personal data of about 100 million people. This time, they just used some of the data that was already stolen to break into people’s accounts. Big difference, we know.
Still, this proven vulnerability is sure to give Sony more grief. Just yesterday, Sony CEO Howard Stringer defended his company’s handling of the April attacks, which resulted in the being turned off for a week before users were alerted to the data theft.
On Monday, Sony released the details of its user “Welcome Back” program, which includes free games, like ModNation Racers and Killzone Liberation, and free movie rentals. Perhaps this most recent breach will prompt them to toss in a few more options, just to keep users happy. Just a suggestion.