Sony's PSN password page exploit
When will it end?
Eurogamer has seen video evidence that verifies reports that Sony's PlayStation Network password reset system suffers from an exploit that allows attackers to change your password using only your PSN account email and your date of birth - information compromised in the PSN hack of 20th April.
Sony today made PSN sign-in unavailable for a number of its websites, including PlayStation.com and the PlayStation forums. All PlayStation game titles are also unavailable.
Crucially, the website users are directed to by password reset emails is now down.
"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," Sony said. "This is due to essential maintenance and at present it is unclear how long this will take.
"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
Sony later tweeted: "Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."
The exploit was first revealed on Nyleveia.com.
"I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email," recommends the site.
"You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account's email is one that cannot be affiliated with or otherwise traced to you."
NeoGAF users have also corroborated the claim.
Nyleveia claims to have contacted Sony about the exploit. "The system went down approximately 15 minutes after I received a response from SCEE on the matter."
Sony has taken the page in question down, and with any luck is fixing the exploit.
Eurogamer has contacted Sony for comment.