This story is free to read because readers choose to support LAist. If you find value in independent local reporting, make a donation to power our newsroom today.
This is an archival story that predates current editorial management.
This archival content was written, edited, and published prior to LAist's acquisition by its current owner, Southern California Public Radio ("SCPR"). Content, such as language choice and subject matter, in archival articles therefore may not align with SCPR's current editorial standards. To learn more about those standards and why we make this distinction, please click here.
Sony Can't Get it Up: PlayStation Network Down Again
Sony began reopening its PlayStation Network earlier this week but failed to cover up at least one key vulnerability.
The PlayStation Network is down once again in response to a new exploit discovered just days after Sony began restoring the service following a lengthy outage resulting from a security breach last month.
It appears this was not a hack or outside attack but a lapse in logic (and verification) on Sony's part. The April breach exposed the personal information of tens of millions of PSN users -- including but not necessarily limited to passwords, email addresses and credit card info. In taking the network back online earlier this week, Sony insisted that users reset their passwords before doing anything else.
However, any hacker in possession of user info from the April breach could gain access through a process involving entering a user's date of birth and email address on the password reset page.
According to gaming site Nyleveia:
While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.
UPDATE: PSN websites are down but the network can still be accessed (and email addresses / passwords can be changed) via PS3 consoles or PSPs.
The exploit cannot be executed while the system is down. Meanwhile, Congress followed up with Sony on Tuesday as it's still demanding answers in regard to the April breach.
You come to LAist because you want independent reporting and trustworthy local information. Our newsroom doesn’t answer to shareholders looking to turn a profit. Instead, we answer to you and our connected community. We are free to tell the full truth, to hold power to account without fear or favor, and to follow facts wherever they lead. Our only loyalty is to our audiences and our mission: to inform, engage, and strengthen our community.
Right now, LAist has lost $1.7M in annual funding due to Congress clawing back money already approved. The support we receive from readers like you will determine how fully our newsroom can continue informing, serving, and strengthening Southern California.
If this story helped you today, please become a monthly member today to help sustain this mission. It just takes 1 minute to donate below.
Your tax-deductible donation keeps LAist independent and accessible to everyone.
Right now, LAist has lost $1.7M in annual funding due to Congress clawing back money already approved. The support we receive from readers like you will determine how fully our newsroom can continue informing, serving, and strengthening Southern California.
If this story helped you today, please become a monthly member today to help sustain this mission. It just takes 1 minute to donate below.
Your tax-deductible donation keeps LAist independent and accessible to everyone.
Senior Vice President News, Editor in Chief
