Sony’s PSN had barely been turned back on when it was yet again compromised – this time thanks to the astonishing oversight of requiring users to reset their passwords using information which had already been leaked to hackers.
The latest exploit is so obvious it is alarming that Sony did not think of it in spite of supposedly having teams of independent security experts audit its systems – to perform the compulsory password reset (from a computer), users require their PSN account email and their date of birth, both of which were already leaked in the original hack.
As all this information was known to hackers, in theory it could be used to compromise accounts again.
Sony had to take back down a large portion of its PSN services, in particular its password reset system, in response to the discovery. It has apparently since fixed the issue, originally brought to its attention by an independent third party.
However, there is no actual evidence that the exploit was used – admittedly not a very reassuring assurance.
Sony’s problems do not end there – the Japanese government is still blocking them from restoring PSN service in Japan, calling their explanations about their security measures “lacking” – a measure which angered many PSN users, but now looks increasingly justified.
Even where Sony has no legal impediment to its services, there is much to worry customers – prior to the latest hack, many users were expressing concern that its recently announced “free” identity protection package is in fact limited to 12 months, which some interpreted to mean they would have to pay for full protection in future.









I felt a great disturbance in the Force, as if millions of people suddenly facepalmed...
& I am definitely 1 of them...
Cheer up *Pat pat*
this wouldn't have happened on the pc :p
go on and hack steam...
U MAD PC FAN BOI?
awww... steam just got hacked @ anon above
lmao, a pc being hacked happens all the time.
I facecontrollered
LOLZ... I LOLZ HERE!
Fucking genius post! Good job sir!
Double face palm for me. I'm really close to getting a 360...
It'll be fine Lolz. But do get both consoles. :P
Oh Sony....
Sounds like a plot to decimate the already weakened economy of Japan.
They are already on their knees and now they have their knees broken.
Ugh. Sony is ridiculous. I will not accept this!
I refuse to be mind controlled. Sources or GTFO.
I refuse to play your Chinese mind games.
No And Then!
PSN was hacked again. lol this is... pathetic sony, and I can't help but laugh...
I can't even bring myself to care about all the free shit they're letting loose. Apart from user info I mean.
This is not a hack, it can hardly even be described as an exploit. Nothing significant has even occurred, only speculation. I know misleading headlines are common for SC but this one is an outright lie.
It's not a hack, but it's not "hardly an exploit" it's an exploit. >_>
Nope, it is serious hack. It should be absolutely impossible to reset password without at minimum, an access to your e-mail account. In this case all you had to know was name e-mail your victim used (date of birth could be bruteforced).
It was in essence, self inflicted SQL injection on Sony side.
but there is no hack happened here
I think the worst part of all this is they try to make a profit out of giving protection of something they should protect at all costs and for free.
Sony is really falling low.
I know, this is starting to simply be pure entertainment at this point & there isn't even a sure future for Sony in the future which is sad but oh well, I kind of don't care anymore at this point...
if you look at the user pics in the posts above me...
the first has a shy girl with her arm down.
the next has an embarrassed girl with her arm up and her tasty armpit showing. almost as if it had been forced up by some unseen armpit fetishist.
the third has a girl with her armpit showing but smiling.
I am strangely aroused by this post order.
Why do ppl always jump the gun? Sony noticed an exploit. That means they tested it themselves and found a hole in the system that "could" be exploited, not that it was hacked.
I'm actually glad Sony found their own exploits and informed everyone before it was actually exploited.
These articles are very misinforming, it's the information stolen from the previous hack, that could be used to exploit this hole, NOT that it was hacked again........
It was discovered by a third party who told Sony.
The exploit was up for days before anyone noticed. Who knows if someone used it? It still isn't clear if anyone actually used any of the information taken in the original hack, it hardly makes it any less serious.
But, if you don't have proof that the exploit was effectively used by someone, then you can't say it was hacked again, right?
Tru dat !! Proof or gtfo!
try google it... omg!!! why still the fanboys can't accept truth....
it is the way it is
these gaming corporation supervised networks suck
every time i buy a game run on steam i get reminded why pirated stuff rules
lol
lol
lol
C-C-C-......
not in the mood for it.. -.-
A hack is fine too.*
My little hacker can't be this cute
A hacks fine too.
I was thinking, can't sony just reset all accounts by themselves and send the new password via email?
Not if the hackers have your email
But they wouldn't have your email password? Unless you'd used the same across all accounts. Then it'd be YOUR fault.
Lol yeah. That would be the best way to do it. Send us a password, then you can let us change it.
That idea is too genius for them to comprehend.
+ this so people know what REALLY happened.
HOW THE PASSWORD RESET WORKED.
Using the password reset website, you would enter your PSN Account, email, DoB, and Sony would send you an email. The email would contain a confirmation link, to confirm that you want to change your password. If you click the confirmation link, you would receive another email stating that your request to change your password has been confirmed.
The fact that they request the leaked info for the password reset does not matter because a "hacker" or "3rd party" would require access to your email account in order to click the confirmation link.
HOW THE INSECURITY WAS FOUND.
Numerous reports were being made on online gaming forums that, when the person started the password reset procedure on Sony's website, they received 2 emails, instead of 1. They received the email containing the confirmation link, AND the secondary email stating that the password reset request has been confirmed. They never clicked the link in the first email (which is a required condition to generate the second email).
WHAT THE INSECURITY WAS.
It was a URL exploit. By which the user could add a "string" to the URL in order to "confirm" the password reset. Thus bypassing the need to click the link in the generated email to confirm the reset. The fact that THIS is what happened is worse than if it were a hack, simply because, it's EASY to do. ANYONE could have done it. It's a SERIOUSLY rookie / dumb mistake.
Now you know!
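The failure mode described in the comment above (a reset "confirmed" by a value in the URL rather than by a secret that only the mailbox owner receives), sketched as an added example that is not from the original page or from Sony's code. The class, the `confirmed` and `token` parameter names, the 15-minute lifetime and the sample account are all hypothetical.

```python
import hashlib, hmac, secrets

TOKEN_TTL = 15 * 60  # seconds; assumed policy value

class ResetService:
    """Toy in-memory password-reset service (constructed for illustration)."""
    def __init__(self):
        self.pending = {}  # account -> (sha256(token), expiry time)
        self.outbox = []   # (account, token) pairs "e-mailed" to the owner

    def request_reset(self, account, email, dob, now):
        # email + DoB only select the account; they prove nothing about
        # ownership, since both may already be known to a third party.
        token = secrets.token_urlsafe(32)  # 256 random bits, unguessable
        digest = hashlib.sha256(token.encode()).digest()
        self.pending[account] = (digest, now + TOKEN_TTL)
        self.outbox.append((account, token))  # stands in for sending mail

    def confirm_weak(self, account, params):
        # Flawed: trusts a client-supplied flag, so the confirmation step
        # can be completed without ever reading the e-mail.
        return account in self.pending and params.get("confirmed") == "1"

    def confirm(self, account, params, now):
        # Hardened: require the mailed token, compare in constant time,
        # enforce expiry, and consume the token so it works only once.
        entry = self.pending.get(account)
        if entry is None:
            return False
        digest, expiry = entry
        supplied = hashlib.sha256(params.get("token", "").encode()).digest()
        if now > expiry or not hmac.compare_digest(digest, supplied):
            return False
        del self.pending[account]
        return True

def demo():
    svc = ResetService()
    svc.request_reset("alice", "alice@example.com", "1990-01-01", now=0)
    forged = {"confirmed": "1"}  # request built without mailbox access
    _, token = svc.outbox[-1]    # what the real owner reads in the mail
    return {
        "weak_accepts_forged": svc.confirm_weak("alice", forged),
        "strong_rejects_forged": not svc.confirm("alice", forged, now=1),
        "strong_accepts_mailed": svc.confirm("alice", {"token": token}, now=2),
        "token_single_use": not svc.confirm("alice", {"token": token}, now=3),
    }
```

Only the token's hash is stored server-side, so a read of the pending table does not yield a usable confirmation link.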
Well you can't just take back the information the hackers have!
You get what you paid for I guess.
No There was no hack
I can still get PS3 on online
They are just
fixing their password setup.
Um.. excuse me but:
"users require their PSN account email and their date of birth"
So much for consumers being too stupid to change their passwords when using the exact same one for both PSN and their emails, even after being warned that the said password has been leaked. Next thing you know, despite the whole password reset thing being mainly based on overly stupid consumers, Sony will be blamed for it.
Exactly. People are blaming Sony for their own stupidity.