Skip to main content

Sony 'fixes' latest PSN vulnerability - possibly

Sony says it has plugged the hole that could have allowed hackers access to user accounts on its PlayStation Network and Qriocity entertainment services.

The company yesterday downed the password reset page for its hacked PlayStation Network and Qriocity services after it was pointed out that the hackers that broke in and stole account details for some 100 million users already had all the information they needed to hi-jack those accounts by using the page to reset the password.

Sony's now well-known corporate communications director Patrick Seybold claimed there was "a URL exploit" possible on the page, that he said Sony "subsequently fixed". He failed to give any further details.

"We temporarily took down the PSN and Qriocity password reset page,"he said. "Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed."

Seybold said: "Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."

As was clear yesterday, changing a password to reactivate a PSN account remains possbile from a PS3, as the account is then tied to the machine. Resetting the password through Sony's holey web page was a procedure open to abuse - especially if you happen to have a database of some 100 million account details about your person.

It remains to be seen what measures Sony has taken to obviate the 'exploit' and when - if ever - the page will reappear on the web.