PSN Hit with Reported “Password Exploit” *UPDATE*

UPDATE:

Head of communications for Sony Computer Entertainment Europe, Nick Caplin, has posted a statement on the official PlayStation blog, dismissing any reports of the recent downtime of the PSN web-based password reset page being caused by another hack attack:

“We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.

Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.”

With this fast response from Sony, fans can be releived to know that Sony continue to keep a close eye on the process of bringing PSN back in full. When the site is back up and running is yet to be determined, but Push-Start will deliver the update as it comes.

ORIGINAL ARTICLE:

Just when we thought that Sony was so close to getting out of this PSN catastrophe, the bad times keep coming. According to Eurogamer, hackers are on the attack once more with a reported password exploit.

Millions have attempted to link to the PSN web-based password reset page, after receiving emails from Sony to change their password so they can finally access the PSN via their PS3. But instead, the link leads to a notice that we are only too familiar with lately;

“The server is currently down for maintenance. We apologize for the inconvenience. Please try again later.”

Which means that even for those of you who have been eagerly waiting on an email to get a new password and play online again, unfortunately have to wait a little bit longer once Sony attempts to leap another hurdle in protecting their own interests as well as the millions of PSN users still waiting to get back online.

It is alleged that anyone can change someone else’s password by simply using their account email and date of birth – both pieces of information that have possibly been obtained by the hackers responsible for the PSN outage since mid-April. Eurogamer even claims that they have witnessed video footage of the password exploit in action.

According to a post on the PlayStation forums, the PSN sign-in glitch currently affects PlayStation.com, PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client, and all PlayStation game title Web sites.

The exploit was first discussed on Nyleveia.com, which stated that they confirmed the method last night and contacted Sony. The blog said that the PlayStation password reset page went down for maintenance, within 15 minutes of receiving the message from Nyleveia.com.

These reports come only a day after Sony chief Sir Howard Stringer defended the company for notifying customers of the outlet a week after the initial breach, and that no online service in the world is 100 percent safe:

“Most of these breaches go unreported by companies. Forty-three percent (of companies) notify victims within a month. We reported in a week. You’re telling me my week wasn’t fast enough?”

It is undetermined how long the PSN web-based password reset page will be down for maintenance, or whether these password exploit reports are genuine or not, but Push-Start will keep you posted on any updates.

Sources: PlayStation.com, Nyleveia.com, Eurogamer.net