Sony’s PlayStation Network woes continue, with the company’s own password reset system – a mandatory step in getting back online after Sony restored PSN services at the weekend – turning out to be a loophole for account theft. Resetting a password required just a PSN account email and the user’s date of birth, Nyleveia spotted: two elements that were among the data stolen in the original hack back in April.
Sony has taken down the PlayStation Network sing-in page, and all PlayStation game titles are unavailable. “Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being,” the company admitted. “This is due to essential maintenance and at present it is unclear how long this will take.”
“In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information … this maintenance doesn’t affect PSN on consoles, only the website you click through to from the password change email.” Sony
The company is presumably working on an amended way to verify users are who they say they are, which we’re expecting to show up sooner rather than later. Still, the somewhat naive decision in the first place is unlikely to help Sony win back the confidence of its gamers.