By Jared Newman | Wednesday, May 18, 2011 at 7:56 am
One of Sony’s new PlayStation Network security measures has turned into another vulnerability.
As Eurogamer describes it: Anyone who signs into the PlayStation Network after the outage is required to change his or her password. But with this exploit, all you need to make the change is the e-mail and date of birth associated with the account. This information was compromised during the PSN breach last month, which means hackers could use the vulnerability to take control of users’ accounts. The exploit was first reported by Nyleveia.com, and confirmed to Eurogamer with video evidence.
Of course, this isn’t a problem on actual consoles. A hacker on the other side of the world can’t change your login from your living room. But it does present an issue for Sony’s websites, where Sony has now shut down the login process entirely.
To be clear, the exploit has no impact on the PlayStation Network itself, which was back online as of Saturday. And I doubt many people were affected, but if you were, you’d have received an e-mail from Sony saying your password was changed. If you’ve already changed your own password, there’s nothing to worry about.
Still, the exploit is another blunder by Sony, which spent four weeks rebuilding the PlayStation Network to prevent future attacks, and brought in outside experts to make sure everything was clean. I guess they missed a spot.