Print 59 comment(s) - last by Poikilothermic.. on May 24 at 5:23 PM

"You cannot be serious!!"

Users are greeted with this message when trying to login to PSN through Sony's website
Sony strikes again!

It's getting rather difficult to be surprised by Sony's lack of security credentials when it comes to its PlayStation Network (PSN) service. That's why today's latest revelation can't be too much of a shocker to those that have been following this ongoing saga.

According to Joystiq, Sony has once again taken web access to PSN offline after users found a gaping loophole in the password recovery functionality on the site. "A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth," reports Nyleveia.

Considering that information like birth dates and email addresses were obtained when PSN was initially hacked, it looks as though anyone with access to the "master list" would have the ability to change your account password.

Nyleveia goes on to warn:

I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.

Sony is currently aware of the situation and is taking steps to resolve the issue as soon as possible. For more information on the exploit, check out Nyleveia's FAQ.

Perhaps the Japanese government was wise to take a wait and see approach with regards to allowing PSN service to restart in Japan…

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Xbox 360
By karielash on 5/19/2011 6:26:56 AM , Rating: 2

You could argue that the loss of the entire Windows Code base was a fairly significant security breach from an intellectual property point of view.

But other than that, you say you know what security MS employs, that means one of a couple of things:

1. you work with MS and are now discussing the levels of security they employ on a public, which is a security breach in itself.

2. You don't know what security they employ and are merely puffing gas out of your rear and smearing it all over a public forum... messy....

As for most other companies employing high levels of security on their shared data I will refer you to Epsilon (just the latest in a string of breaches) where basic precautions with the customer data of some of the biggest commercial institutions in the country were not taken.

Personally I would say a lot of other companies are in exactly the same boat as Sony are in except their boats haven't been sunk yet..... and little or nothing will be done about it until the Feds starting outfitting some of the CISO's responsible with those snazzy orange jump suits and inviting them for a long stay at a federal entertainment center.

"And boy have we patented it!" -- Steve Jobs, Macworld 2007

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki