PlayStation Network hit by new security problem [Yes, a new one]

Published on 05-18-2011 10:23 PM

Sony’s efforts to restore the PlayStation Network following a huge data theft have stalled after users spotted a new security problem that could allow criminals to take control of accounts.

The Japanese giant had been asking tens of millions of users worldwide to change their online gaming passwords after its systems were breached by hackers last month.

But it was forced to shut down the process overnight after it was shown that anyone could change a password using only a user’s email address and date of birth. Both pieces of personal data were stolen in April's security breach.

According to Nyleveia, a videogames blog that was first to report the new problem, Sony’s reset process was not properly verifying Authentication Tokens, the small files used to establish a secure connection between consoles and the PlayStation Network.

The blog said it contacted Sony, which shut down the password reset process around 15 minutes later.

A Sony spokesman confirmed the reason behind the outage and said engineers are working to patch the vulnerability.

PlayStation 3 owners who have already changed their password are able to play games online, but those who have not will have to wait until the latest problem is resolved.
They are currently greeted with a message saying “this is due to essential maintenance and at present it is unclear how long this will take”.
It heaps further embarrassment on Sony, which was forced to shut down the PlayStation Network on 20 April when it detected the breach of its systems. It remained offline until late last week as the firm investigated and attempted to improve security.
Sony's senior executives have made a series of humbling public apologies and PlayStation owners are being offered free games in compensation for the lengthy outage.

In a letter to US Congressmen, the firm's chairman, Kazuo Hirai, said evidence found by investigators had implicated Anonymous, the activist collective best known for its digital attacks last year in support of WikiLeaks.

Source: Telegraph

Categories:
Gaming,
Internet

8 Comments

OlegL - 05-18-2011, 10:29 PM
- Reply
Wow.

megabyteme - 05-19-2011, 12:05 AM
- Reply

phrenzy - 05-19-2011, 01:21 AM
- Reply
Not really funny to the people want to play and don't really care about all the BS.

stlcardinal9 - 05-19-2011, 02:52 AM
- Reply
Sony is through with the PS3 might as well roll out the PS4 because the hackers are not going to stop with homebrew!

tippertime - 05-19-2011, 04:06 AM
- Reply
not sure i have ever seen something so embarrassing to a company as this...RRod is close though...

TrakeM - 05-19-2011, 06:47 PM
- Reply
Well, you can't blame them. I mean, it's hard to get your security fixed when you're busy taking questionable legal tactics to sue someone who didn't even break the law and then harassing him after you drop the charges because you know you can't win in court despite your massive advantage via having more money. Those kinds of battles take up so much time. If/when they get done with that they might have time to work on securing their customers data.

Tarom - 05-19-2011, 11:49 PM
- Reply
Sony's embarrassment isnt over yet. Even after all current security breaches are sorted out, keep in mind that the stolen data (financial part) hasnt surfaced anywhere yet. I am pretty sure it will be released in parts over periods of time to the public (but not sold since its too hot of a commodity for anyone to touch) to add to repeated Sony's embaresement. As a corp that publicly traded that will repeatedly hit their stock prices. talk about diabolic revenge... SHORT Sony ppl, make a buck while you can

phrenzy - 05-20-2011, 01:20 AM
- Reply
Sony should just end the playstation as a big FU to everyone.... You want to hack, now you got nothing, have fun.........