Mike Bantick
Thursday, 19 May 2011 11:41
Confusion reigns just days after the restoration of the PlayStation Network, which followed an initial security breach three weeks beforehand. It all looks like another stumble in the attempt to get services back up and running, and it certainly seems that Sony has not thought through all the security ramifications of being responsible for customers' personal data.
It's been down, it's been up, and now it's only kinda up. The PlayStation Network has had its woes over the past month and is still having some issues.
On Monday the 16th of May, in Australia at least, the PSN burst into life, giving long-suffering PlayStation 3 owners a chance to get online and start fragging each other again, and collect their free Welcome Back goodies from Sony.
But, perhaps reinforcing just how desperate, and maybe rushed, the relaunch of the revamped PSN was, there are some issues today.
Sony says that the PSN was effectively rebuilt from scratch security-wise, and that is evident after firing up the PS3 and being greeted by the password change dialogue, with hardened requirements for new passwords.
But it seems the same thought has not gone into the PSN password update system Sony provides via its website. This facility is currently down following reports of an exploit easily deployed through the web-based password change process.
Quite simply, knowing a PSN account holder's email address and date of birth will enable anybody to reset the password via the website. Sony quite rightly shut down the access when alerted.
The Australian arm of Sony told iTWire today: 'We can confirm PlayStation Network via PlayStation 3 is online in Australia. Password reset and registration of accounts via PC website is temporarily unavailable on our local website. Consumers who have not yet reset their passwords for PSN can still do so directly on their PS3.'
Similar reports are filtering in from around the world:
Ars Technica has cited a number of incidents of users who have had their passwords changed without their knowledge.
On the PlayStation Blog, Sony confirms the issue:
We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven't reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.
Be careful out there, and be extra wary of emails about this situation. A network outage affecting upwards of 100 million accounts is just too much of an attraction for spammers or cyber-criminals.