Support for LAist comes from
We Explain L.A.
Stay Connected

Share This

News

Sony Can't Get it Up: PlayStation Network Down Again

playstation-error.jpg
Sony began reopening its PlayStation Network earlier this week but failed to cover up at least one key vulnerability.
LAist relies on your reader support.
Your tax-deductible gift today powers our reporters and keeps us independent. We rely on you, our reader, not paywalls to stay funded because we believe important news and information should be freely accessible to all.

The PlayStation Network is down once again in response to a new exploit discovered just days after Sony began restoring the service following a lengthy outage resulting from a security breach last month.

It appears this was not a hack or outside attack but a lapse in logic (and verification) on Sony's part. The April breach exposed the personal information of tens of millions of PSN users -- including but not necessarily limited to passwords, email addresses and credit card info. In taking the network back online earlier this week, Sony insisted that users reset their passwords before doing anything else.

However, any hacker in possession of user info from the April breach could gain access through a process involving entering a user's date of birth and email address on the password reset page.

According to gaming site Nyleveia:

Support for LAist comes from
While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.

UPDATE: PSN websites are down but the network can still be accessed (and email addresses / passwords can be changed) via PS3 consoles or PSPs.

The exploit cannot be executed while the system is down. Meanwhile, Congress followed up with Sony on Tuesday as it's still demanding answers in regard to the April breach.