Rumor: PSN Password Change Could Be Exploited (Update: It Was a URL Exploit and Has Been Fixed) | PS3Blog.net
Reported yesterday by the news site Nyleveia, PSN password changes were being exploited and could be easily be replaced by anyone who had basic information on the e-mail tied to any given account and the user.
In the spirit of warning users the site publicized this information and at the same time informed SCEE for them to solve the problem. Since then all web based PSN login / password recovery has been taken off the air. At the time, it’s unknown if this is a security measure to prevent the exploit from being more widely spread.
The site also provided one precaution measure to prevent users from having their accounts stolen:
1 – Create a new e-mail you won’t be using for anything else, not tied to your name in any way.
2 – Change your PSN e-mail to the new e-mail you created.
That way, it would be more difficult to any ill intended individual to get hold of the information necessary. Note that this exploit has been confirmed and tested by other sites as well, like Eurogamer.
Please keep in mind the means by which the exploit took place have been taken of the air since then, so for now, we’re safe. However I’d advise you to contact SCEE immediately if you receive the following e-mail unrelated to the time you’ve personally changed your password after the update.
This e-mail confirms that the password for your PlayStation(R)Network Account has been changed.
If you did not intend to change your password, contact Consumer Services for further assistance.
The PlayStation(R)Network Team
Update: 1-Up has posted new info. Sony states this was a URL exploit and has since been corrected.