Sony: PSN and Qriocity sites back up soon, exploit fixed

By Stephany Nunneley

Sony has announced that it has fixed the URL exploit which caused it to take the majority of its website services down earlier today.

According to the firm, the process of resetting of passwords caused the URL exploit, but it has since been fixed, and users who haven’t reset their passwords for PSN are still encouraged to do so on their PS3. However, if they want, customers can still use the website service once it is brought back up.

Earlier today, a report over on Eurogamer stated that Sony’s PSN password reset system contained an exploit which could potentially allow someone to change a customer’s PSN password using the accounts stored email and the user’s date of birth.

Due to the exploit, Sony made PSN sign-in unavailable on some of its websites, including: PlayStation.com, the PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client, and all PlayStation game title websites.

“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being,” Sony said in an earlier statement on the EU forums. “This is due to essential maintenance and at present it is unclear how long this will take.

“In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information. Clarification: this maintenance doesn’t affect PSN on consoles, only the website you click through to from the password change email.”

Nyleveia.com, which first found the exploit, suggested folks secure their accounts by creating a new email that would not be used anywhere else other than through PSN.

The site also suggested users switch their current PSN accounts over to a newly created email address.

“You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you,” said the site.

The site contracted Sony on the matter, and noted that the system “went down approximately 15 minutes,” after it received a respoce from SCEE.

According to a post over on NextGen, the exploit if used nefariously, would result in nothing more than a phishing scam, and because the user data was made vulnerable with the original hack, users will just be more susceptible to a phishing annoyance.

“These individuals could use the same information they stole from the PlayStation Network and do similar things with other services you may be subscribed to,” reads the site. “This is not at a weakness in the PlayStation Network’s security.”

NeoGAF noted that the pages were created in a certain manner for a reason, and that it is not technically an exploit.

Sony pulled the password reset website in the hopes of fixing the issue, which it seems to have done. The site should be back up soon, then.

Comments