Now things are just getting ridiculous, as Sony is dealing with another security issue related to last month's PlayStation Network breach. PSN is back up in most places now, but as part of the restoration process, all users must change their account password. That's good. Passwords can be changed via the PlayStation 3 or PlayStation Portable systems (which most people will probably use for this) or on PlayStation.com and Qriocity.com. The new problem is that there's a security issue on the websites used for changing one's password that allows anyone that knows your account's e-mail address and your date of birth (which, as you'll recall, were stolen in the initial hack attack) to change your password without your authorization. That's very, very bad. Eurogamer has the infuriating story.
Eurogamer has seen video evidence that verifies reports that Sony's PlayStation Network password reset system suffers from an exploit that allows attackers to change your password using only your PSN account email and your date of birth – information compromised in the PSN hack of 20th April.
Sony today made PSN sign-in unavailable for a number of its websites, including PlayStation.com and the PlayStation forums. All PlayStation game titles are also unavailable.
Crucially, the website users are directed to by password reset emails is now down.
"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," Sony said. "This is due to essential maintenance and at present it is unclear how long this will take.
I wonder what free game Sony will offer up to apologize for this issue. But seriously, at least the web-based password changing method is unavailable now, so no additional accounts can be swiped with this method. Y'know, Sony, some of us are willing to move forward from the PSN attack and try this whole PlayStation thing again, but you're really making it difficult when things like this password exploit happen. Get your house in order and fix the problem. Better yet, don't let the problem happen in the first place. The damage has been done, but my hope is that Sony's management and technicians have learned from this experience. Some good has to come out this in the end no matter how little.