An exploit has been found for the password change system put in place on all web site-based PSN access points. Part of the PlayStation Network update process includes a password reset. Any would-be hacker can change your PSN password if they know two pieces of information: your account email and your birthday.
Sony is aware of the issue and has taken down all of the web-based login points until they can come up with a resolution. Those watching the clock on the PlayStation Network debacle will likely note that this marks yet another setback in what’s quickly becoming one of the worst month’s in the PlayStation’s lifespan.
Sony’s only recently introduced a welcome back and apology package for the gamers affected by the security compromise and subsequent network downtime. The service has been partially brought back online as users can now play their games, but the PlayStation Store has yet to see the light of day. Sony says that they are working around the clock to make their service as secure as possible before they launch it fully. Unfortunately, thanks to situations like this one, that effort has not been easy.
The maintenence that’s being performed to elimate this password changing exploit, according to Sony themselves, does not affect the status of the PSN on consoles. Gamers can still get online and play games, assuming that their passwords haven’t been changed.
If you want to know whether or not this exploit has been performed on you, check the inbox of the email linked to your PSN account. You would have been notified there if your password had been changed. If it has, contact Sony support from the directions within the same notification email.
The PlayStation Network has a target completion date of May 31st. Hopefully these distractions won’t keep the service from safely and entirely hitting that mark.
[via Giant Bomb]