Just days after most services for the PlayStation Network (PSN) were brought back online, it appears a new exploit has been discovered that allows hackers to change users' passwords using the data stolen during last month's break-in to the service.
The sign-in for PlayStation Network on the web was out of service yesterday. (Screenshot by Erica Ogg/CNET)
The websites that allow PSN users to sign in and reset their passwords have since been taken offline, as the graphic above from PlayStation.com shows. This problem reportedly does not affect the ability to sign in via a PlayStation 3 or PlayStation Portable, just some Sony websites.
The report comes from gaming blog Nyleveia, which posted a warning to PSN users that their passwords might not be safe and contacted Sony about it.
Another blog, Eurogamer, says it confirmed the exploit, which allows someone to reset your password if they know the email address used for the account and your date of birth. That information is known to be among the data belonging to 100 million users of Sony's gaming services that was exposed between 17 and 19 April in the second-largest security breach in US history.
Eurogamer says users who changed the email address connected to their network account after the PSN was restored this weekend should not be at risk.
Yesterday, speaking to a handful of reporters, Sony CEO Howard Stringer admitted that while the company had rebuilt the security for PSN during the three weeks it was unavailable, no system could be guaranteed "100 per cent secure".
Sony spokesperson Patrick Seybold wrote yesterday in a blog post that Sony "temporarily took down the PSN and Qriocity password and reset page". There was "no hack", he emphasised, but a "URL exploit that we have subsequently fixed".