Rumor: PSN Password Change Could Be Exploited (Update: It Was a URL Exploit and Has Been Fixed)


As reported yesterday by the news site Nyleveia, PSN password changes were being exploited, and an account’s password could easily be replaced by anyone who had basic information about the user and the e-mail tied to the account.

In the spirit of warning users, the site publicized this information and at the same time informed SCEE so that it could solve the problem. Since then, all web-based PSN login / password recovery has been taken off the air. At this time, it’s unknown whether this is a security measure to prevent the exploit from spreading more widely.

The site also provided one precautionary measure to prevent users from having their accounts stolen:

1 – Create a new e-mail you won’t be using for anything else, not tied to your name in any way.
2 – Change your PSN e-mail to the new e-mail you created.

That way, it would be more difficult for any ill-intentioned individual to get hold of the necessary information. Note that this exploit has been confirmed and tested by other sites as well, such as Eurogamer.

Please keep in mind that the means by which the exploit took place have been taken off the air since then, so for now, we’re safe. However, I’d advise you to contact SCEE immediately if you receive the following e-mail at a time unrelated to when you personally changed your password after the update.

Dear ________,
This e-mail confirms that the password for your PlayStation(R)Network Account has been changed.
If you did not intend to change your password, contact Consumer Services for further assistance.

http://www.us.playstation.com/corporate/contactus/

Thank you.
The PlayStation(R)Network Team

Update: 1-Up has posted new info. Sony states this was a URL exploit and has since been corrected.


Written by: pedrolabate - News Contributor


  1. #1 by Jason on May 18th, 2011 [ 28406 Points ]

    This the end my only friend the end. Jim Morrison

  2. #2 by Oly on May 18th, 2011 [ 132360 Points ]

    I have one account I needed to change via email but hadn’t yet. I wonder if I can do it on my PS3 now.. hmm.. will check tonight.

  3. #3 by EdEN on May 18th, 2011 [ 142861 Points ]

    It was bound to happen since they left the door open to it… because it was stupid to leave the door open.

    I lost one account because of this and will definitely create an alternate email for my other ones.

  4. #4 by Pedro on May 18th, 2011 [ 39949 Points ]

    @Eden it’s sad it happened to you, this really sucks.

    I’ve received the password change e-mail today at work and I’m worried if this could mean my US PSN account has been stolen, especially because I have many credits tied to that wallet.

    The door left open is honestly unacceptable. It involved little effort and knowledge to abuse and I’d expect Sony to cover all the bases after such a huge security problem over the past month.

    Since everything is now offline I’ll have to wait until I get home to check it. Right now I’m considering changing my e-mail, but that’s not really what I wanted to do.

  5. #5 by Eddie on May 18th, 2011 [ 44542 Points ]

    To my knowledge…not one account has yet been “stolen” due to this hole. Nothing has been exploited as of yet.

  6. #6 by IvanTheGent on May 18th, 2011 [ 380 Points ]

    Goddamn it.. seriously what the hell!?

  7. #7 by Eddie on May 18th, 2011 [ 44542 Points ]

    Also this is not new. This “problem” has existed since PS3 launched.

  8. #8 by IvanTheGent on May 18th, 2011 [ 380 Points ]

    That’s even worse…

  9. #9 by Eddie on May 18th, 2011 [ 44542 Points ]

    IvanTheGent:

    That’s even worse…

    ^

    Yes and no. Yes because it was never fixed. No because the worst thing this could cause you is a little annoyance. Using this “hack”…not even a hack…more like social engineering, even if they take your account, you’re notified via email and can contact Sony immediately to have it reversed.

  10. #10 by myk26 on May 18th, 2011 [ 1325 Points ]

    Taking more hits than Schwarzenegger…

  11. #11 by Pedro on May 18th, 2011 [ 39949 Points ]

    Eddie: Also this is not new. This “problem” has existed since PS3 launched.

    That I didn’t know. But I’ve seen someone already took care of that with the title of the post.

    Problem is if your account was “stolen” and possibly credits used or downloads used. Also, if the person had access to your account they would also have access to all your personal information stored. Please correct me if I’m wrong.

  12. #12 by Eddie on May 18th, 2011 [ 44542 Points ]

    Well one thing..PSN store isn’t up, so they can’t use your credit or wallet for anything yet.

    The rumor or speculation at this point is the person that could/would do this are the hackers since they already have all of your personal information. This particular hack requires your birth date. Nobody will know this info except you, friends and of course the original PSN hackers since your DOB was stored on your PSN account.

  13. #13 by Pedro on May 18th, 2011 [ 39949 Points ]

    That’s true. But I disagree with the part only friends and original hackers would have access to it. Many of the players use their e-mail for other online communities such as this one for example and information regarding your birth date could be available.

    I’m not saying we should all be paranoid about it, but I really do think they should ask for more secure information. The majority of sites would just e-mail you the new password, that would prevent this from being harmful I guess.

  14. #14 by myk26 on May 18th, 2011 [ 1325 Points ]

    I see where this is headed….and I say I like it at all!

    By the time the next gen gets here, it will be easier to apply for a bank loan than it will be to create an online account.

  15. #15 by premiersoupir on May 18th, 2011 [ 17020 Points ]

    Sony needs some positive press, stat! That or we need another reminder of why MS and Nintendo are lackluster.

  16. #16 by Pedro on May 18th, 2011 [ 39949 Points ]

    premiersoupir: Sony needs some positive press, stat! That or we need another reminder of why MS and Nintendo are lackluster.  

    http://www.gameinformer.com/b/news/archive/2011/05/18/microsoft-replacing-360s-incompatible-with-new-firmware.aspx

    This is pretty weird news regarding the 360.

  17. #17 by myk26 on May 18th, 2011 [ 1325 Points ]

    That’s actually FANTASTIC news from MS! I’ve never hoped for an update to brick my console…now, this is all I want!!!

    Playing my free Sony games while I wait for my free 360 upgrade!!! LOL! The life of a multi-consoler is good!

  18. #18 by PAUL FIERCE on May 18th, 2011 [ 11887 Points ]

    E3 FEATURING PAUL… Paul who? me?

  19. #19 by Emrah on May 18th, 2011 [ 7319 Points ]

    Sony’s incompetence lingers. For example, their whole www psn sign system is open to exploits by phishers. I was to write an article about it long before this PSN problem but since this latest incident tops any security problem there was no point anymore. Basically, they let you sign in using iframes within websites like resistance.com and killzone.com. That should be a no go from the start. The way they let you log in on supported sites makes it possible for phishers to deceive even seasoned users. Just look at how well Facebook logins are done, and implement a similar system.

  20. #20 by Yourgor on May 18th, 2011 [ 940 Points ]

    R they saying if you get this message

    Dear ________,
    This e-mail confirms that the password for your PlayStation(R)Network Account has been changed.
    If you did not intend to change your password, contact Consumer Services for further assistance.

    that it is stolen? cause I got that same email when I changed my password.

  21. #21 by Pedro on May 18th, 2011 [ 39949 Points ]

    @Yourgor: No, you get that e-mail whenever you change your password. You should only be alarmed if it happened again and it wasn’t you the person who changed that.

    But since the problem is now solved you needn’t worry.

  22. #22 by Yourgor on May 18th, 2011 [ 940 Points ]

    @Pedro,

    oh ok wow thanks.

  23. #23 by Markus on May 19th, 2011 [ 4322 Points ]

    I’m not too worried but I could still do w/o this…

