PlayStation Network Logins Exploited Again - Sony Takes Site Offline
It’s true, the PlayStation Network has been somewhat hacked again. By now we all know what happened just about a month ago that caused the PlayStation Network to collapse and shut its doors for a couple of weeks. This exploit today is just an extension of what happened last month.
When the first breach of security was caught, hackers had already stolen user data such as names, addresses, email, birth date and more. In the haste to get everything rebuilt and secure everything again Sony forgot one small detail. Before the attack on the network, if a user forgot their password all they had to do was enter their email and birthday to be brought to a prompt to reset their password. After the attack though, the malicious people who stole all that user data now have access to your birth date and email addresses.
The leaves everyone open to have their accounts compromised by a simple online form to reset passwords. After being discovered Sony promptly took down the online site that housed the reset form to deploy further authentication methods.
It seems the exploit in Sony’s online form has to do with not properly verifying tokens. This leaves all PSN users at risk to getting their accounts compromised and taken from them.
Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe, until this problem is fixed.