It's getting rather difficult to be surprised by Sony's lack of security credentials when it comes to its PlayStation Network (PSN) service. That's why today's latest revelation can't be too much of a shocker to those who have been following this ongoing saga.
According to Joystiq, Sony has once again taken web access to PSN offline after users found a gaping loophole in the password recovery functionality on the site. "A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth," reports Nyleveia.
Considering that information like birth dates and email addresses were obtained when PSN was initially hacked, it looks as though anyone with access to the "master list" would have the ability to change your account password.
Nyleveia goes on:
"I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you."
Sony is currently aware of the situation and is taking steps to resolve the issue as soon as possible. For more information on the exploit, check out Nyleveia's FAQ.
Perhaps the Japanese government was wise to take a wait-and-see approach with regard to allowing PSN service to restart in Japan…
quote: Why? Do you think M$ is a master of security?
quote: They may have more expertise than Sony, but I bet if the same group took a look at XBLA, they'd have another field day.