LAist is part of Southern California Public Radio (SCPR), a member-supported public media network. Hear our news on-air at our partner site:
The PlayStation Network is down once again in response to a new exploit discovered just days after Sony began restoring the service following a lengthy outage resulting from a security breach last month.
It appears this was not a hack or outside attack but a lapse in logic (and verification) on Sony's part. The April breach exposed the personal information of tens of millions of PSN users -- including but not necessarily limited to passwords, email addresses and credit card info. In taking the network back online earlier this week, Sony insisted that users reset their passwords before doing anything else.
However, any hacker in possession of user info from the April breach could gain access through a process involving entering a user's date of birth and email address on the password reset page.
According to gaming site Nyleveia:
While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.
UPDATE: PSN websites are down but the network can still be accessed (and email addresses / passwords can be changed) via PS3 consoles or PSPs.
The exploit cannot be executed while the system is down. Meanwhile, Congress followed up with Sony on Tuesday as it's still demanding answers in regard to the April breach.