Thursday, May 19, 2011

PSN password resets exploited, accounts compromised again

Report: PSN password resets exploited, accounts compromised again
Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.
The issue was first reported by Nyleveia, which was contacted by an unnamed source who reportedly performed the hack on a dummy account, prompting an e-mail message confirming that the password had been changed. Similar reports on gaming forum NeoGAF show an identical situation, in which the user provided the necessary information only to receive two subsequent e-mails: one claiming that someone was attempting to change the account's password and requesting the user click on a confirmation link, and another confirming that the password had been changed.
"I never clicked the confirmation link," the user wrote. "So yeah... my password was successfully changed by someone else."
Currently, users cannot sign in to PSN via websites like PlayStation.com. Instead, a message appears stating that the "server is currently down for maintenance." Meanwhile, a recent message on Sony Computer Entertainment Europe's Twitter feed reads "Fortunately we have got ISPs to release outstanding e-mails; unfortunately, a small amount of maintenance is required to improve this process." It was followed soon after by "Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."
Nyleveia claims that it contacted SCEE directly after finding the exploit and that the system was taken down roughly 15 minutes after this happened.
Ars has contacted Sony for comment but has yet to hear back as of publication. We will update you as we learn more information.
Update: Sony has posted an update on the PlayStation Blog, which states:
We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.
