Rumor: PSN Password Change Could Be Exploited (Update: It Was a URL Exploit and Has Been Fixed)

Reported yesterday by the news site Nyleveia: PSN password changes were being exploited, and an account’s password could easily be replaced by anyone who had basic information about the user and the e-mail tied to the account.

In the spirit of warning users, the site publicized this information and at the same time informed SCEE so that it could solve the problem. Since then, all web-based PSN login / password recovery has been taken off the air. At this time, it’s unknown whether this is a security measure to prevent the exploit from spreading more widely.

The site also provided one precautionary measure to prevent users from having their accounts stolen:

1 – Create a new e-mail you won’t be using for anything else, not tied to your name in any way.
2 – Change your PSN e-mail to the new e-mail you created.

That way, it would be more difficult for any ill-intentioned individual to get hold of the necessary information. Note that this exploit has been confirmed and tested by other sites as well, such as Eurogamer.

Please keep in mind that the means by which the exploit took place have since been taken off the air, so for now, we’re safe. However, I’d advise you to contact SCEE immediately if you receive the following e-mail at a time when you have not personally changed your password after the update.

Update: 1-Up has posted new info. Sony states this was a URL exploit and has since been corrected.
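
The weakness reported above is a reset that accepts facts about the user (the e-mail address and, according to the comments below, the date of birth) instead of proof of control over the mailbox. The following Python code is an added example, not Sony's code or code from the original post; it contrasts that knowledge-based check with a single-use, expiring token sent to the registered address. The account data, function names and 15-minute lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 15 * 60        # assumed lifetime of a reset token, in seconds
ACCOUNTS = {"alice@example.com": {"dob": "1985-03-14"}}  # constructed sample data
TOKENS = {}                # sha256(token) -> (email, expiry)

def _hash_pw(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def set_password(email, password):
    salt = secrets.token_bytes(16)
    ACCOUNTS[email].update(salt=salt, pw_hash=_hash_pw(password, salt))

def check_password(email, password):
    acct = ACCOUNTS[email]
    return hmac.compare_digest(acct["pw_hash"], _hash_pw(password, acct["salt"]))

def weak_reset(email, dob, new_password):
    """Knowledge-based reset: e-mail address plus date of birth is enough."""
    acct = ACCOUNTS.get(email)
    if acct is None or acct["dob"] != dob:
        return False
    set_password(email, new_password)   # no proof the caller owns the mailbox
    return True

def request_reset(email, now=None):
    """Create a single-use token to be mailed to the registered address only.
    The HTTP response should look the same whether or not the account exists."""
    now = time.time() if now is None else now
    if email not in ACCOUNTS:
        return None                     # nothing is mailed
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    TOKENS[digest] = (email, now + TOKEN_TTL)   # only the hash is stored
    return token

def complete_reset(token, new_password, now=None):
    """Redeem a token; the account comes from the server-side record,
    never from a client-supplied e-mail or URL parameter."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = TOKENS.pop(digest, None)    # pop: a token works at most once
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

With `weak_reset`, anyone who can look up the date of birth changes the password; with the token flow, the same knowledge gets no further than triggering a mail to the real owner.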

    I have one account I needed to change via email but hadn’t yet. I wonder if I can do it on my PS3 now.. hmm.. will check tonight.

  • It was bound to happen since they left the door open to it… because it was stupid to leave the door open.

    I lost one account because of this and will definitely create an alternate email for my other ones.

  • @Eden it’s sad it happened to you, this really sucks.

    I’ve received the password change e-mail today at work and I’m worried if this could mean my US PSN account has been stolen, especially because I have many credits tied to that wallet.

    The door left open is honestly unacceptable. It involved little effort and knowledge to abuse and I’d expect Sony to cover all the bases after such a huge security problem over the past month.

    Since everything is now offline I’ll have to wait until I get home to check it. Right now I’m considering changing my e-mail, but that’s not really what I wanted to do.

  • To my knowledge…not one account has yet been “stolen” due to this hole. Nothing has been exploited as of yet.

  • Goddamn it.. seriously what the hell!?

  • Also this is not new. This “problem” has existed since PS3 launched.

  • That’s even worse…

  • IvanTheGent:

    That’s even worse…


    Yes and no. Yes because it was never fixed. No because the worst thing this could cause you is a little annoyance. Using this “hack”…not even a hack…more like social engineering, even if they take your account, you’re notified via email and can contact Sony immediately to have it reversed.

  • Taking more hits than Schwarzenegger…

  • Eddie: Also this is not new. This “problem” has existed since PS3 launched.

    That I didn’t know. But I’ve seen someone already took care of that with the title of the post.

    Problem is if your account was “stolen” and possible credits used or downloads use. Also, if the person had access to your account they would also have access to all your personal information stored. Please correct me if I’m wrong.

  • Well one thing..PSN store isn’t up, so they can’t use your credit or wallet for anything yet.

    The rumor or speculation at this point is the person that could/would do this are the hackers since they already have all of your personal information. This particular hack requires your birth date. Nobody will know this info except you, friends and of course the original PSN hackers since your DOB was stored on your PSN account.

  • That’s true. But I disagree with the part only friends and original hackers would have access to it. Many of the players use their e-mail for other online communities such as this one for example and information regarding your birth date could be available.

    I’m not saying we should all be paranoid about it, but I really do think they should ask for a more secure information. The majority of sites would just e-mail you the new password, that would prevent this from being harmful I guess.

  • I see where this is headed….and I say I like it at all!

    By the time the next gen gets here, it will be easier to apply for a bank loan than it will be to create an online account.

  • Sony needs some positive press, stat! That or we need another reminder of why MS and Nintendo are lackluster.

  • premiersoupir: Sony needs some positive press, stat! That or we need another reminder of why MS and Nintendo are lackluster.

    This is pretty weird news regarding the 360.

  • That’s actually FANTASTIC news from MS! I’ve never hoped for an update to brick my console…now, this is all I want!!!

    Playing my free Sony games while I wait for my free 360 upgrade!!! LOL! The life of a multi-consoler is good!

  • E3 FEATURING PAUL… Paul who? me?

  • Sony’s incompetence lingers. For example, their whole www psn sign system is open to exploits by phishers. I was to write an article about it long before this PSN problem but since this latest incident tops any security problem there was no point anymore. Basically, they let you sign in using iframes within websites like and . That should be a no go from the start. The way they let you log in on supported sites makes it possible for phishers to deceive even seasoned users. Just look at how well Facebook logins are done, and implement a similar system.

  • R they saying if you get this message

    Dear ________,
    This e-mail confirms that the password for your PlayStation(R)Network Account has been changed.
    If you did not intend to change your password, contact Consumer Services for further assistance.

    that it is stolen? cause I got that same email when I changed my password.

  • @Yourgor: No, you get that e-mail whenever you change your password. You should only be alarmed if it happened again and it wasn’t you the person who changed that.

    But since the problem is now solved you needn’t worry

  • @Pedro,

    oh ok wow thanks.

  • I’m not too worried but I could still do w/o this…