Hacked Again? New PlayStation Network Password Exploit Surfaces
Reports are circulating this morning that the PlayStation Network’s been hacked, you know, again. The hack involves the PSN web-based password reset page, where it’s said anyone can change someone else’s password using their PSN account email and date of birth—both details possibly (though not confirmedly) obtained by hackers in the mid-April breach.
How do we know the hack’s legit? We don’t. But Sony's taken the PSN login and password reset page down for “maintenance,” while Eurogamer’s claiming it’s seen actual video footage of the hack in action.
Technically speaking, this sounds less like a “hack” than an exploit, meaning it’s fairly surface-level and—according to news-breaker Nyleveia—involves “a vulnerability in the password reset form currently implemented, not properly verifying tokens.”
Though Sony claims the “small amount of maintenance” in taking the PSN login page down has to do with improving the password reset process, Nyleveia says the page went offline “approximately 15 minutes after [it] received a response from SCEE [Sony Computer Entertainment Europe] on the matter.”
One thing’s certain: the PSN web login page is indeed down (see shot up top—that’s what you’ll get if you hit the main site and attempt to log in). Let’s hope Sony clarifies what’s going on as soon as possible, and explains whether there was or wasn’t an exploit involved.