Sony Hacked – Again

sony-psn-logo.jpg

Sony’s PSN had barely been turned back on than it was yet again compromised – this time thanks to the astonishing oversight of requiring users to reset their passwords using the information which was already leaked to hackers.

The latest exploit is so obvious it is alarming that Sony did not think of it in spite of supposedly having teams of independent security experts audit its systems – to perform the compulsory password reset (from a computer), users require their PSN account email and their date of birth, both of which were already leaked in the original hack.

As all this information was known to hackers, in theory it could be used to compromise accounts again.

Sony had to take back down a large portion of its PSN services, in particular its password reset system, in response to the discovery. It has apparently since fixed the issue, originally brought to its attention by an independent third party.

However, there is no actual evidence that the exploit was used – admittedly not a very reassuring assurance.

Sony’s problems do not end there – the Japanese government is still blocking them from restoring PSN service in Japan, calling their explanations about their security measures “lacking” – a measure which angered many PSN users, but now looks increasingly justified.

Even where Sony has no legal impediment to its services, there is much to worry customers – prior to the latest hack, many users were expressing concern about its recently announced “free” identity protection package in fact being limited to 12 months, interpreted by some that they would now have to pay for full protection in future.


    Post Comment »
    177 Comments
    Sort by: Date | Score
    Avatar of Megidola
    Comment by Megidola
    06:35 19/05/2011 # ! Quality (+1.0)

    I felt a great disturbance in the Force, as if millions of people suddenly facepalmed...

    Avatar of Kitsunemimi6
    Comment by Kitsunemimi6
    06:44 19/05/2011 # ! Quality (+1.0)

    & I am definitely 1 of them...

    Avatar of Konata Saika
    Comment by Konata Saika
    07:57 19/05/2011 # ! Neutral (0)

    Cheer up *Pat pat*

    Avatar of Master Evil The Return!
    10:52 19/05/2011 # ! Neutral (-0.3)

    this wouldn't of happened on the pc :p

    Comment by Anonymous
    11:46 19/05/2011 # ! Neutral (+0.2)

    go on and hack steam...

    Comment by Anonymous
    16:44 20/05/2011 # ! Neutral (0)

    U MAD PC FAN BOI?

    Avatar of Ciscotaku
    Comment by Ciscotaku
    00:20 12/11/2011 # ! Neutral (0)

    awww... steam just got hacked @ anon above

    Avatar of Ciscotaku
    Comment by Ciscotaku
    11:00 19/05/2011 # ! Neutral (0)

    lmao, a pc being hacked happens all the time.

    Comment by Anonymous
    11:05 19/05/2011 # ! Neutral (+0.2)

    I facecontrollered

    Comment by Anonymous
    21:28 19/05/2011 # ! Neutral (0)

    LOLZ... I LOLZ HERE!

    Avatar of Riiku
    Comment by Riiku
    22:43 19/05/2011 # ! Neutral (0)

    Fucking genius post! Godd job sir!

    Comment by Anonymous
    17:53 19/05/2011 # ! Neutral (0)

    Double face palm for me. I'm really close to getting a 360...

    Comment by Anonymous
    00:20 03/11/2011 # ! Neutral (0)

    Itll be fine Lolz. But do get both consoles. :P

    Avatar of Yoshii-kun
    Comment by Yoshii-kun
    11:08 19/05/2011 # ! Neutral (-0.2)

    Oh Sony....

    Comment by Anonymous
    23:06 19/05/2011 # ! Neutral (0)

    Sounds like a plot to decimate the already weakened economy of Japan.

    Comment by Anonymous
    16:23 20/05/2011 # ! Neutral (0)

    They are already on their knees and now they have their knees broken.

    Avatar of realsilverjunk
    Comment by realsilverjunk
    06:26 19/05/2011 # ! Quality (+0.8)

    Ugh. Sony is ridiculous. I will not accept this!

    Comment by Anonymous
    12:51 19/05/2011 # ! Neutral (0)

    I refuse to be mind controlled. Sources or GTFO.

    Comment by Anonymous
    09:54 20/05/2011 # ! Neutral (0)

    I refuse to play your Chinese mind games.

    No And Then!

    Avatar of Dreck
    Comment by Dreck
    06:29 19/05/2011 # ! Good (+0.7)

    PSN was hacked again. lol this is... pathetic sony, and I can't help but laugh...

    I can't even bring myself to care about all the free shit they're letting loose. Apart from user info I mean.

    Comment by Anonymous
    06:46 19/05/2011 # ! Good (+0.6)

    This is not a hack, it can hardly even be described as an exploit. Nothing significant has even occurred, only speculation. I know misleading headlines are common for SC but this one is a outright lie.

    Comment by Anonymous
    12:44 19/05/2011 # ! Neutral (+0.2)

    It's not a hack, but it's not "hardly an exploit" it's an exploit. >_>

    Comment by Anonymous

    Nope, it is serious hack. It should be absolutely impossible to reset password without at minimum, an access to your e-mail account. In this case all you had to know was name e-mail your victim used (date of birth could be bruteforced).

    It was in essence, self inflicted SQL injection on Sony side.

    Comment by Anonymous
    11:55 20/05/2011 # ! Neutral (0)

    but there is no hack happened here

    Avatar of Hikayuri
    Comment by Hikayuri
    06:37 19/05/2011 # ! Good (+0.4)

    I think the worst part of all this is they try to make a profit out of giving protection of something they should protect at all costs and for free.
    Sony is really falling low.

    Avatar of Kitsunemimi6
    Comment by Kitsunemimi6
    06:43 19/05/2011 # ! Neutral (0)

    I know, this is starting to simply be pure entertainment at this point & there isn't even a sure future for Sony in the future which is sad but oh well, I kind of don't care anymore at this point...

    Comment by Anonymous
    19:29 19/05/2011 # ! Neutral (0)

    if you look at the user pics in the posts above me...
    the first has a shy girl with her arm down.

    the next has an embarrassed girl with her arm up and her tasty armpit showing. almost as if it had been forced up by some unseen armpit fetishist.

    the third has a girl with her armpit showing but smiling.

    I am strangely arroused by this post order.

    Avatar of MoMoGi
    Comment by MoMoGi
    10:17 19/05/2011 # ! Good (+0.4)

    Why do ppl always jump the gun? Sony noticed an exploit. That means they tested it themselves and found a hole in the system that "could" be exploited, not that it was hacked.

    I'm actually glad Sony found their own exploits and informed everyone before it was actually exploited.

    These articles are very misinforming, it's the information stolen from the previous hack, that could be used to exploit this hole, NOT that it was hacked again........

    Avatar of Artefact
    Comment by Artefact

    It was discovered by a third party who told Sony.

    The exploit was up for days before anyone noticed. Who knows if someone used it? It still isn't clear if anyone actually used any of the information taken in the original hack, it hardly makes it any less serious.

    Avatar of El Chaos
    Comment by El Chaos
    20:22 19/05/2011 # ! Neutral (0)

    But, if you don't have proof that the exploit was effectively used by someone, then you can't say it was hacked again, right?

    Comment by Anonymous
    13:50 20/05/2011 # ! Neutral (0)

    Tru dat !! Proof or gtfo!

    Comment by Anonymous
    21:20 19/05/2011 # ! Neutral (0)

    try google it... omg!!! why still the fanboys can't accept truth....

    Comment by Anonymous

    it is the way it is
    these gaming corporation supervised networks suck
    every time i buy a game run on steam i get reminded why pirated stuff rules

    Avatar of Alfredonm
    Comment by Alfredonm
    Avatar of anon12010
    Comment by anon12010
    Avatar of Alice
    Comment by Alice
    06:45 19/05/2011 # ! Neutral (0)

    lol

    Comment by flood
    21:58 19/05/2011 # ! Neutral (0)

    C-C-C-......

    not in the mood for it.. -.-

    Comment by Anonymous
    13:36 20/05/2011 # ! Neutral (0)

    A hack is fine too.*

    Comment by Anonymous
    09:55 20/05/2011 # ! Neutral (0)

    My little hacker can't be this cute

    Comment by Anonymous
    08:12 19/05/2011 # ! Neutral (0)

    A hacks fine too.

    Avatar of Ookami
    Comment by Ookami
    06:39 19/05/2011 # ! Good (+0.4)

    I was thinking, can't sony just reset all accounts by theirself and send the new password via email?

    Comment by Anonymous
    07:07 19/05/2011 # ! Neutral (+0.2)

    Not if the hackers have your email

    Avatar of FreeHopper
    Comment by FreeHopper
    12:50 19/05/2011 # ! Good (+0.4)

    But they wouldn't have your email password? Unless you'd used the same across all accounts. Then it'd be YOUR fault.

    Comment by Anonymous
    00:24 03/11/2011 # ! Neutral (0)

    Lol yeah. That would be the best way to do it. Send us a password, then you can lets us change it.

    Avatar of konakona
    Comment by konakona
    22:15 19/05/2011 # ! Neutral (+0.2)

    That idea is too genius for them to comprehend.

    Comment by Anonymous
    06:22 20/05/2011 # ! Neutral (0)

    + this so people know what REALLY happened.

    HOW THE PASSWORD RESET WORKED.

    Using the password reset website, you would enter your PSN Account, email, DoB, and Sony would send you an email. The email would contain a confirmation link, to confirm that you want to change your password. If you click the confirmation link, you would receive another email stating that your request to change your password has been confirmed.

    The fact that they request the leaked info for the password reset does not matter because a "hacker" or "3rd party" would require access to your email account in order to click the confirmation link.

    HOW THE INSECURITY WAS FOUND.

    Numerous reports were being made on online gaming forums that, when the person started the password reset procedure on Sonys website, they received 2 emails, instead of 1. They received the email containing the confirmation link, AND the secondary email stating that the password reset request has been confirmed. They never clicked the link in the first email (which is a required condition to generate the second email).

    WHAT THE INSECURITY WAS.

    It was a URL exploit. By which the user could add a "string" to the URL in order to "confirm" the password reset. Thus bypassing the need to click the link in the generated email to confirm the reset. The fact that THIS is what happened is worse than if it were a hack, simply because, it's EASY to do. ANYONE could have done it. It's a SERIOUSLY rookie / dumb mistake.

    Now you know!

    Comment by Anonymous
    13:15 19/05/2011 # ! Neutral (+0.2)

    Well you can't just take back the information the hackers have!

    Comment by Anonymous
    07:44 19/05/2011 # ! Neutral (+0.2)

    You get what you paid for I guess.

    Avatar of bicyclerepairman
    Comment by bicyclerepairman
    11:07 19/05/2011 # ! Neutral (+0.2)

    No There was no hack
    I can still get PS3 on online
    They are just
    fixing their paasword setup.

    Comment by Anonymous
    07:13 19/05/2011 # ! Neutral (+0.2)

    Um.. excuse me but:

    "users require their PSN account email and their date of birth"

    So much for consumers being too stupid to change their passwords when using the exact same one for both PSN and their emails, even after being warned that the said password has been leaked. Next thing you know, despite the whole password reset thing being mainly based on overly stupid consumers, Sony will be blamed for it.

    Comment by Anonymous
    00:27 03/11/2011 # ! Neutral (0)

    Exactly. People are blaming Sony for their own stupidity.







    Post Comment »

Popular

Recent News

Recent Galleries

Recent Comments