Sony quashes rumours that the PlayStation Network password reset exploit was used by hackers
Even after getting the PlayStation Network back up and running, it seems that Sony cannot keep itself out of the news when it comes to their online network being on the receiving end of another hacker attack. When rumours emerged that the PSN (PlayStation
Network) and Qriocity password reset page had been attacked by hackers they were back in the press.
Sony confirmed that the URL exploit did exist and that hackers could have potentially taken advantage of it as opposed to their earlier definitive statement that there were no attacks on the network and that the issue had been taken care of.
Nick Caplin, Sony Computer Entertainment Europe’s head of communications, explained, "We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there
was a URL exploit that we have subsequently fixed”.
The news came as a relief to the general gaming public and to Sony itself as another attack would have been detrimental to the company which is trying to regain the trust of the market and its consumers.
Caplin also requested that users use their PlayStation 3 consoles as the main source to reset their passwords while Sony works on getting the PlayStation and Qriocity websites back online.
"Consumers who haven't reset their passwords for PSN are still encouraged to do so directly on their PS3 (console). Otherwise, they can continue to do so via the website as soon as we bring that site back up",
Sony made it mandatory for users to change their passwords after reconnecting to the PSN after a firmware update to help boost security and protect user data.
However, it turned out that the hackers already had the relevant email account, PSN ID and password needed to hack into the user’s account the second time as well.
Thus, Sony promptly shut down the ability to change passwords over the internet, limiting the ‘change of password’ feature to the PlayStation 3 console, the user originally used the account on, hence, eliminating the threat.
Tags: