Just days after bringing their PlayStation Network back up, Sony has suffered another incident. According to a report by Nyleveia, confirmed by Eurogamer, PlayStation pages, including the page users reach to change their passwords when they click through from an email, were taken down 15 minutes after Nyleveia contacted Sony Computer Entertainment of Europe. Sony has since updated their PlayStation Blog to state that the cause of the outage was a URL exploit that has since been fixed. The actual exploit, reported by Kotaku, involved working around the unique token identifier for resetting a password, and only required knowing a PSN user’s email address and date of birth. The exploit, mistakenly called a “hack” in prior reports, only affects Sony’s websites, and does not affect the PlayStation Network itself. Users were sent an email to let them know when their passwords were changed, tipping some users off that there was a problem.
Nyleveia’s “Nevada” has recommended that people using the PlayStation Network use an email address that isn’t used for anything else to keep their identity from being further compromised. The report comes on the same day Sony CEO Howard Stringer lashed out at critics who took issue with his company’s response to the initial PSN hack.
Analysis: This is basic-level URL exploitation. Sony made all of that effort to make sure that the system was “secure”, and THIS slipped their notice?
Ultimately, this is nothing more than a PR issue for Sony; the exploit was minor, and it was fixed. But it does make one wonder if Japan’s doing the right thing in keeping their service down until Sony can show them that it’s ready for prime time again.
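An added example (not from the original report and not Sony's code) of the class of flaw described above: a reset step that accepts email and date of birth without checking the emailed token, beside a version where only the single-use token authorises the change. The function names, the in-memory stores and the 15-minute token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60  # assumed token lifetime, in seconds

# Constructed in-memory stores standing in for a database.
ACCOUNTS = {"alice@example.com": {"dob": "1985-02-14", "password": "old"}}
PENDING = {}  # email -> (sha256 of token, expiry timestamp)

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def request_reset(email, dob, now=None):
    """Issue a token. Returned here for the demo; a real site only emails it."""
    now = time.time() if now is None else now
    acct = ACCOUNTS.get(email)
    if acct is None or not hmac.compare_digest(acct["dob"].encode(), dob.encode()):
        return None
    token = secrets.token_urlsafe(32)          # unguessable, from the CSPRNG
    PENDING[email] = (_digest(token), now + TOKEN_TTL)  # store only the hash
    return token

def complete_reset_weak(email, dob, new_password):
    """Flawed: email + DOB are knowable by others, and no token is checked."""
    acct = ACCOUNTS.get(email)
    if acct is None or acct["dob"] != dob:
        return False
    acct["password"] = new_password  # stand-in for a password-hash update
    return True

def complete_reset(email, token, new_password, now=None):
    """Hardened: only a live, matching, unused token authorises the change."""
    now = time.time() if now is None else now
    entry = PENDING.get(email)
    if entry is None or not token:
        return False
    stored, expiry = entry
    if now > expiry or not hmac.compare_digest(stored, _digest(token)):
        return False
    del PENDING[email]               # single use: a replayed link fails
    ACCOUNTS[email]["password"] = new_password  # stand-in for a hash update
    return True
```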