Support for LAist comes from
We Explain L.A.
Stay Connected

Share This

This is an archival story that predates current editorial management.

This archival content was written, edited, and published prior to LAist's acquisition by its current owner, Southern California Public Radio ("SCPR"). Content, such as language choice and subject matter, in archival articles therefore may not align with SCPR's current editorial standards. To learn more about those standards and why we make this distinction, please click here.


Sony Can't Get it Up: PlayStation Network Down Again

Sony began reopening its PlayStation Network earlier this week but failed to cover up at least one key vulnerability.
Before you
Dear reader, we're asking you to help us keep local news available for all. Your tax-deductible financial support keeps our stories free to read, instead of hidden behind paywalls. We believe when reliable local reporting is widely available, the entire community benefits. Thank you for investing in your neighborhood.

The PlayStation Network is down once again in response to a new exploit discovered just days after Sony began restoring the service following a lengthy outage resulting from a security breach last month.

It appears this was not a hack or outside attack but a lapse in logic (and verification) on Sony's part. The April breach exposed the personal information of tens of millions of PSN users -- including but not necessarily limited to passwords, email addresses and credit card info. In taking the network back online earlier this week, Sony insisted that users reset their passwords before doing anything else.

However, any hacker in possession of user info from the April breach could gain access through a process involving entering a user's date of birth and email address on the password reset page.

According to gaming site Nyleveia:

Support for LAist comes from
While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.

UPDATE: PSN websites are down but the network can still be accessed (and email addresses / passwords can be changed) via PS3 consoles or PSPs.

The exploit cannot be executed while the system is down. Meanwhile, Congress followed up with Sony on Tuesday as it's still demanding answers in regard to the April breach.

Most Read