Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.Reader Joseph emailed me this (literally) breaking news news. Sony's Playstation Network (their online multi-user game playing via the Internet setup) got pwned, and hard. Hackers pwned it, hard, stealing just about all subscriber information Sony had.
The good news is that it seems that the credit card numbers were stored encrypted, meaning that (hopefully) the Bad Guys may not have them. The bad news is that the Bad Guys have everything else, including your password, the answer to your security question, etc.
Playstation Network users need to log on and change ALL their personal information that they can, because automated attacks using the information already compromised are going on right now.
Spread the word about this to your gaming friends. This is no joke.
I've always perceived Sony as very tight with DRM for themselves. Music CDs that put root kits on your PC. Difficult to copy CDs and DVDs.
ReplyDeleteNot so tight with our info, are they?
except they've already re-shutdown the password changing functionality of the website, as it was exploitable...
ReplyDeleteI hope that Sony Playstation will do something about it really fast. Hackers keeps on celebrating while this kind of problem happens. I'm a big fan of PS, and I don't want them mess this one down.
ReplyDelete