Home & Office

PlayStation Network Sign-in is down again due to new security loophole

PSN Sign-in is offline due to new security hole that can reset passwords using just the date of birth and email address -- information that was stolen in the first attack.
Written by Gloria Sin, Inactive

After restarting the PlayStation Network around the world this past weekend and promising tougher security for customers' data, the PSN Sign-in is once again offline as Sony is working to patch a new security hole.

According to Nyleveia.com, the new loophole can reset passwords using just the user's date of birth and email address -- information that was stolen in the first attack. This means even if the user has logged in after the restart to create a new login, that login may already be useless due to this new vulnerability.

Nyleveia's unnamed source demoed this breach to the staff to prove that it is a real threat, and Eurogamer has also seen video evidence that corroborates with Nylevia's claims. Nyleveia has also passed what it discovered to Sony Computer Entertainment Europe. Since then, a number of sites have become inaccessible for login including:

  • PlayStation.com
  • PlayStation forums
  • all PlayStation game titles
  • PlayStation Blog
  • Qriocity.com
  • Music Unlimited via the web client
  • site where users are directed to to reset their passwords

In a brief statement confirming that the PSN has been taken offline, Sony said, “Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take."

Sony also reiterated that only the login site is down and not the entire PSN in a tweet, "Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."

That said, "[users] will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information,” according to Sony.

Is there anything a PSN customer can do to better protect their own data? Nyleveia is recommending that all users create a dedicated email account to link only to their PSN account so if any personal information is ever stolen, it would only affect their ability to log into the PSN. You can refer to the FAQ for further details.

[Source: Nyleveia via MCVEngadget, Eurogamer, Kotaku]

Additional ZDNet coverage:

Editorial standards