Sony: PSN and Qriocity sites back up soon, exploit fixed

Wednesday, 18th May 2011 14:44 GMT By Stephany Nunneley

Sony has announced that it has fixed the URL exploit which caused it to take the majority of its website services down earlier today.

According to the firm, the password reset process caused the URL exploit, which has since been fixed. Users who haven’t reset their PSN passwords are still encouraged to do so on their PS3; however, customers who prefer can still use the website service once it is brought back up.

Earlier today, a report on Eurogamer stated that Sony’s PSN password reset system contained an exploit which could potentially allow someone to change a customer’s PSN password using the account’s stored email and the user’s date of birth.

Due to the exploit, Sony made PSN sign-in unavailable on some of its websites, including: PlayStation.com, the PlayStation forums, PlayStation Blog, Qriocity.com, Music Unlimited via the web client, and all PlayStation game title websites.

“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being,” Sony said in an earlier statement on the EU forums. “This is due to essential maintenance and at present it is unclear how long this will take.

“In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information. Clarification: this maintenance doesn’t affect PSN on consoles, only the website you click through to from the password change email.”

Nyleveia.com, which first found the exploit, suggested folks secure their accounts by creating a new email that would not be used anywhere else other than through PSN.

The site also suggested users switch their current PSN accounts over to a newly created email address.

“You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you,” said the site.

The site contacted Sony on the matter, and noted that the system “went down approximately 15 minutes” after it received a response from SCEE.

According to a post over on NextGen, the exploit, if used nefariously, would result in nothing more than a phishing scam, and because the user data was made vulnerable by the original hack, users will just be more susceptible to a phishing annoyance.

“These individuals could use the same information they stole from the PlayStation Network and do similar things with other services you may be subscribed to,” reads the site. “This is not at a weakness in the PlayStation Network’s security.”

NeoGAF noted that the pages were created in a certain manner for a reason, and that it is not technically an exploit.

Sony pulled the password reset website in the hopes of fixing the issue, which it seems to have done. The site should be back up soon, then.

63 Comments

  1. jnms

    I’m not sure how anyone can trust Sony any more. This is getting beyond a joke.

    #1 4 years ago
  2. Razor

    Oh, Sony.

    #2 4 years ago
  3. LOLshock94

    i give up with sony

    #3 4 years ago
  4. Gekidami

    Yeah, because these hacker dicks doing all of this is totally Sony’s fault, right?

    Let me guess, they’re still fighting for customers rights…

    #4 4 years ago
  5. Blerk

    picard.jpg

    #5 4 years ago
  6. OlderGamer

    Are they kidding? Its a joke right?

    #6 4 years ago
  7. reask

    I was on the killzone site a while ago and was unable to log in.
    Not sure if both are connected but I got the same screen I was getting during the hacking incident.
    I hope not anyway.

    #7 4 years ago
  8. Gama_888

    That’s embarrassing
    after re-launching their whole new system they get caught out by something as silly as this?

    POOR SHOW SONY

    #8 4 years ago
  9. LOLshock94

    @4 sony knew the risks and they took those risks and look what’s happened so yes this is sony’s fault

    #9 4 years ago
  10. reask

    Just tried the PSN site.
    Same screen.
    Looks like downtime again. :(

    #10 4 years ago
  11. Blerk

    Yup, UK Playstation site is now reporting PSN as ‘offline’.

    #11 4 years ago
  12. LOLshock94

    @10 is psn been shutdown again i was hoping to play some killzone 3 today?

    #12 4 years ago
  13. EscoBlades

    Roh oh!

    #13 4 years ago
  14. reask

    @ lol
    I haven’t tried the ps3 but it looks like it might be.
    Edit: PS3 is online I have just tried it there now.

    #14 4 years ago
  15. Gekidami

    No, only the Playstation website log-ins are down. PSN is up.

    #15 4 years ago
  16. Blerk

    At least they seem to have handled it quickly this time, no?

    #16 4 years ago
  17. PenTaFH

    Oh great. Just two days ago I watched Kaz Hirai tell the world it all took so long because they wanted to be absolutely sure PSN was COMPLETELY SAFE. Now, two days later, this. Sony handled it good, but this is terrible. Both in publicity, and for the faith of customers.

    #17 4 years ago
  18. Gekidami

    @16
    About as quickly as last time, i.e; As soon as they found out.

    #18 4 years ago
  19. jnms

    @16 – That comes with lots of practice! :D

    #19 4 years ago
  20. OrbitMonkey

    So the Hackers who will not stop hacking ANYTHING Sony score another hit & surprise surprise its reported as THE END OF SONY ;)

    Think i’ll sit back & enjoy the same old faces start frothing at the mouth :D

    #20 4 years ago
  21. Erthazus

    Well, it’s sony. Are you surprised?

    #21 4 years ago
  22. djhsecondnature

    Amazing how many people are blaming hackers.

    This was an exploit found by a white hat hacker, who informed Sony, who are fixing it. If that is the case of course.

    Blimey, you’d think someone came and punched your mum in the face with the way some people are reacting.

    #22 4 years ago
  23. NeoSquall

    @16 ARE YOU CRAZY?? FIFTEEN MINUTES IS WAY TOO MUCH!!!

    Do you know how many accounts could get hacked in the meantime?

    /sarcasm

    #23 4 years ago
  24. daytripper

    fuck sake!

    #24 4 years ago
  25. FabioPal

    http://xkcd.com/327/

    “Little Bobby tables” :D

    #25 4 years ago
  26. Alakratt

    “In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information. Clarification: this maintenance doesn’t affect PSN on consoles, only the website you click through to from the password change email.”

    Come down guys! This is only the login for the websites and the people who (strangely) prefer to change their passwords thru the site. I like how some of you try to make it seem as if Sony shut down PSN again. Really, fanboys get a fucking life!

    #26 4 years ago
  27. DGOJG

    GOD FUCKING DAMN IT! I’ve been trying for a few days to change the password via the web since I’m still at Uni. Not happy Sony. This is the last straw. We’re done.

    #27 4 years ago
  28. fouzi fayaz

    SONNY is fucked

    #28 4 years ago
  29. ManuOtaku

    #26 those people don’t choose to change their passwords that way, i think is because if a user never bought anything on the PSN before need to do it this way, sadly for them, but maybe I am a little bit misinformed

    #29 4 years ago
  30. Freek

    Hey, lets fix our security issues by introducing brand new ones! That’s brilliant!

    #30 4 years ago
  31. Mike

    I had this up on Twitter aaages ago. I reckon EG stole the story from me! ;)

    #31 4 years ago
  32. Mike

    Yeah, EG also posted my NeoGaf thread corroboration follow up.

    I didn’t even get a mention :’(

    #32 4 years ago
  33. Bluebird

    Maybe they are taking it from the thread on the EG forums. ;)

    #33 4 years ago
  34. Mike

    Ah! Well, same rule applies. They should give a nod to the starter of the thread.

    Always give credit, innit.

    #34 4 years ago
  35. G1GAHURTZ

    Whyyyyyyyyyyyyyyyyyyyyy!!!???

    #35 4 years ago
  36. Mike

    I’m sure these hacker dicks have tried to hack Live, Steam and Nintendo’s service but have all failed. Still, not Sony’s fault, right?

    Gross incompetence. No two ways about it.

    #36 4 years ago
  37. Mike

    Fixed: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/?utm_source=twitter&utm_medium=social&utm_campaign=psn_password_051811

    #37 4 years ago
  38. G1GAHURTZ

    MS and Valve are, first and foremost, major software companies. They need to think about security from the get go and they’ve been doing it for years.

    Sony, on the other hand, is first and foremost, a hardware company that has had to get to grips with making software to play catchup with its competitors.

    Sony clearly don’t seem to be helping themselves, but it’s a bit unfair to compare the software competency between the three of them.

    #38 4 years ago
  39. G1GAHURTZ

    And Nintendo’s online system is a big mess, anyway…

    #39 4 years ago
  40. Crab of Thunder

    @36 Hacking Nintendos network wouldn’t get you far lol. IMA STEAL YOUR FRIEND CODE!! :P

    #40 4 years ago
  41. Stephany Nunneley

    Post updated with Sony saying the URL exploit is fixed.

    #41 4 years ago
  42. NeoSquall

    @37 Ha!

    #42 4 years ago
  43. Mike

    @38: So they deserve leeway?! Are you joking?!

    They’re a huge multinational company that has the resources to fund and implement a first-class, fail-safe system. They didn’t. It’s their fault.

    I really don’t see how this can still be an issue for people. Hate the hackers, fine. But Sony blameless? Do me a favour.

    #43 4 years ago
  44. sg1974

    Mike how do you know those companies haven’t been hacked. As stringer says some companies don’t even tell their customers when it’s happened.

    #44 4 years ago
  45. Mike

    So you think Valve would hide the fact that their customers’ private information had fallen into the hands of a third party?

    Come on.

    #45 4 years ago
  46. Gekidami

    Live accounts get hacked all the time (along with Windows Live accounts) meaning the persons personal information gets exposed too, remember this?
    So i definitely wouldnt point to MS as being a ‘bastion’ of security…

    #46 4 years ago
  47. Freek

    Brute forcing one person’s password isn’t exactly breaking into the servers and stealing the entire database. Xbox live as a service wasn’t compromised due to Major Nelson losing control of his account.

    #47 4 years ago
  48. Gekidami

    I never said it was. Point is Live is open to its users getting their personal data stolen, on a lesser scale but its still there. Pointing to MS and saying that its “completely” secure is false.

    #48 4 years ago
  49. G1GAHURTZ

    I’m not saying that they deserve leeway, but building a worldwide network the size of PSN from scratch, with little to no experience is no easy task.

    Sure, they should have the money to do these things correctly, but I for one am not really surprised that they’re having so many problems.

    PSN has been having continual problems for years now.

    Servers failing and making games practically unplayable (GT5 etc)… the constant delays for Home, etc…

    In a way, something like this current mess, bad as it is, shouldn’t really come as a huge surprise.

    I just mean that like early adopters can usually expect teething problems, gamers would be a bit harsh to expect PSN to be at the level of Steam and XBL in such a short space of time.

    It’s the same as expecting MS, a software company, to be able to produce quality hardware with no problems from day one, too.

    #49 4 years ago
  50. Mike

    It’s ok, Gek. They’re both entirely comparable and Sony is just unfortunate and innocent of any negligence.

    Carry on.

    #50 4 years ago
  51. G1GAHURTZ

    @ Geki:

    Who said that XBL was “completely” secure??

    #51 4 years ago
  52. Freek

    And not getting phished or have your password brute forced is something that you have full control over by not falling for dumb e-mails or have your password be Admin1234.

    #52 4 years ago
  53. Gekidami

    ^ Phishing isnt the only way to hack a Live account, though. I know because i’ve had one hacked before, luckily it wasnt the one connected to my Xbox Live account. You think Major Nelson got ‘Phished’?

    @G1GA
    Seems to be the general consensus, hackers have apparently “tried” and “failed”. Yet they dont seem to have any trouble getting to individual accounts, where a persons personal information is stored.

    #53 4 years ago
  54. G1GAHURTZ

    I think what people are basically saying, Geki, (and I agree) is that in relative terms, and almost certainly in terms of percentage of hacked accounts, XBL is much, much safer.

    An individual having his account hacked is not the same as a hacker getting full privileges to an entire network.

    #54 4 years ago
  55. Mike

    @GIGA: Sorry, don’t agree, You just have to employ the right people, and have a decent security strategy.

    Also, MS deserved everything they got from the RroD debacle.

    #55 4 years ago
  56. DaMan

    Let’s see some sources then, Gekidami. Or any evidence for that matter.

    Xbl accounts get phished or they ‘guess’ the password. there is also the social engineering.

    #56 4 years ago
  57. Mike

    From the previous page, obv.

    #57 4 years ago
  58. DaMan

    yeah, like I said. Nothing pointing to other methods.

    The comparisons are retarded. I suppose knowing that someone was hacked because they’ve had a password ‘12345’ makes them feel better as well.

    #58 4 years ago
  59. Gekidami

    @ G1GA
    And i never said it was. Just that Live definitely isnt the ‘impenetrable fortress’ its being made out to be.

    #59 4 years ago
  60. OrbitMonkey

    Back & forth, round & round, same old same old *munches popcorn* carry on ;)

    #60 4 years ago
  61. TheWulf

    @22 & @36

    You’re expecting sense from the usual suspects? Really? Those who regularly concoct ridiculous conspiracy theories?

    (Here’s my favourite! – “The PSN was taken down by a splinter-cell of Anonymous who’re apparently taking orders from the ghost of Osama Bin Laden. Not just a bunch of fraudsters looking for an easy mark, provided by piss-poor security. Noap! It was Bin Laden leading a highly trained group of hackers into battle, so skilled that they act like fingers of the same hand!“)

    Yeah. Good luck with that. I’ve tried and failed to cut through the sensationalist vitriol that some of them are spouting but it’s just too much, and so dense that not even wolverine would be able to leave a scratch in it.

    Not everyone posting here is like that, of course, in fact it’s thankfully just a loud minority. As I said, just the usual suspects.

    @38

    I’m sorry, I know you mean well and all, but you’re wrong. Sony’s been doing software for years and years. They’re responsible for the SecuROM DRM. There are also a number of Sony software arms – Sony Online Entertainment for one, which have been developing games since the original Everquest.

    In fact, they should’ve been more prepared than Nintendo. They dropped the ball, simple as.

    @40

    Incorrect! They have a shop as well, and their Virtual Console sales turn a decent profit, as is my understanding. So there’d likely be a juicy amount of credit card details there, if they could be obtained.

    I’m kind of fed up that people are still making excuses about this.

    @44

    It’d be pretty easy to follow the evidence trail back to a source if a group of people suffered fraud, and then the company responsible would then be sued to hell and back. This is why every other company in the history of credit card information breaches has notified people immediately.

    All you need is a modicum of sense to figure out why this is the case. Right. Information is obtained but never used by anyone, it’s just sitting in a closet with nothing being done with it. People are going to try to sell that information off as quickly as possible.

    You’d be surprised how easy it is, then, to track it back to the source. It might not happen immediately, but it would happen eventually, and the company responsible would be dismantled for not telling people.

    So yeah, living in the real world, that’s not going to happen.

    @48

    What bollocks.

    You’re comparing someone losing their wallet with a bank being hacked and someone having their account cleared out.

    This is why I really hate apologists.

    Personal security DOES NOT equal corporate security. Duh?

    #61 4 years ago
  62. TheWulf

    @53

    So you’ve been stupid enough to install malware before and now you’re blaming the evil hackers and Microsoft for your own incompetence?

    Marvellous.

    Now I completely understand why you’re being a Sony apologist. Carry on.

    @60

    It’s better to participate in a discussion than to spam nonsense. You’re just wasting database space and CPU cycles that could be better used elsewhere. :P

    #62 4 years ago
  63. OrbitMonkey

    @TheWulf, What Is this I smell? Ah you & your pretentious little mewling. Please tell me you don’t speak aloud when you type, as you’d be wasting air that could be used by someone more deserving ;)

    P.s. Spouting the same old same old, time & again wastes just as much CPU as me I think. At least I can keep it brief dear boy. But then i don’t jack off to how clever I am whilst typing x

    #63 4 years ago