Following one of the most costly and wide-reaching thefts of data in history, Sony’s re-launch of the popular PlayStation Network (PSN) stalled yesterday when their password-reset system was revealed to have a fatal flaw that allowed hackers to steal user accounts.
The hack worked by gaming the unique string of characters Sony sends out to a user’s email account when they request to change their password, according to published reports. Hackers with just a user account and the user’s date of birth were able to use the security flaw to change passwords at will.
Unfortunately for Sony, word of the gaping security hole came at a crucial moment, right after they asked tens of millions of PSN users to change their passwords and come back to the service after weeks of downtime.
The company reacted to the security hole by taking the login forms for a number of their websites offline. The password hack did not affect users trying to reset their accounts directly from PlayStation 3 consoles.
It’s also not likely that many user accounts were affected. A fail-safe in the system sends out emails to users once their passwords have been changed, which would alert users to a possible theft.
Sony has been gradually restoring its online services since Sunday after taking them down on April 20 and admitting nearly a week later that personal information from over 100 million user accounts had been stolen, and that credit card details may be included in the stolen data.
The latest misstep will raise serious questions about the electronics giant’s ability to manage security for its online services. After word of the earlier hack went public, the company was roundly criticized for using outdated software on its servers.
The company is offering two free games for PlayStation 3 users who return to the free gaming network within the next 30 days. PSN service was still online as of this writing.
An investigation into the initial PSN hack is ongoing.
Stephen C. Webster
Stephen C. Webster is the senior editor of Raw Story, and is based out of Austin, Texas. He previously worked as the associate editor of The Lone Star Iconoclast in Crawford, Texas, where he covered state politics and the peace movement’s resurgence at the start of the Iraq war. Webster has also contributed to publications such as True/Slant, Austin Monthly, The Dallas Business Journal, The Dallas Morning News, Fort Worth Weekly, The News Connection and others.