Sony’s PSN had barely been turned back on when it was yet again compromised – this time thanks to the astonishing oversight of requiring users to reset their passwords using information which had already been leaked to hackers.
The latest exploit is so obvious that it is alarming Sony did not think of it, in spite of supposedly having teams of independent security experts audit its systems. To perform the compulsory password reset (from a computer), users require their PSN account email and their date of birth, both of which were already leaked in the original hack.
As all this information was known to hackers, in theory it could be used to compromise accounts again.
Sony had to take a large portion of its PSN services back down, in particular its password reset system, in response to the discovery. It has apparently since fixed the issue, which was originally brought to its attention by an independent third party.
However, there is no actual evidence that the exploit was used – admittedly not a very reassuring assurance.
Sony’s problems do not end there – the Japanese government is still blocking it from restoring PSN service in Japan, calling its explanations of its security measures “lacking” – a measure which angered many PSN users, but now looks increasingly justified.
Even where Sony faces no legal impediment to its services, there is much to worry customers – prior to the latest hack, many users were expressing concern that its recently announced “free” identity protection package is in fact limited to 12 months, which some interpreted to mean that they would have to pay for full protection in future.