14 DAY TRIAL // The password reset system that Sony has been directing users who use the PlayStation Network to has been revealed to have a significant security issue, which potentially allows hackers to change the passwords of legitimate users while only using the email account they have registered with PSN and the date of their birth.
These pieces of information are available to the hacker group that has stolen the data of a huge number of users on April 20.
The exploit seems to have first demonstrated on the Nyleveia.com website, with the site saying, “I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email,”
The author of the information on the new hack says, “You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account's email is one that cannot be affiliated with or otherwise traced to you.”
Since then, gamer news site Eurogamer has also seen video evidence confirming that the exploit is real.
The site has now been taken down and an official email from Sony says that this is not because of a new hacker attack but because it requires maintenance.
Sony has not offered any information on how long this might take.
A tweet from Sony also reads, “this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email.”
At the moment PSN powered sign-in is also not available, including on the official PlayStation site and on the forums.
For now, the main PSN service is still available.
The exploit is potentially very damaging to Sony, a company that is now aiming to get back gamers trust after the problems it has since April 20, and the company will presumably keep the password reset pages down for as long as needed to take care of the exploit.