We’re getting unverified reports that a way has surfaced for someone to reset your PSN password given, apparently, just your PSN email and your date of birth – more information here – and the ability to sign in online via the various PlayStation.com sites has just been removed.
This does happen on other sites, although generally you tend to get an email confirmation first which you need to click to reset your password. Nyleveia are assuming there’s some tricky URL manipulation going on.
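To illustrate the difference described above, here is an added example (not from Nyleveia or Sony, and not a description of how PSN works) of a reset gated only on email and date of birth next to one that also needs a single-use link sent to the registered address. The account store, function names and 15-minute lifetime are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample data for the illustration; not a real account.
ACCOUNTS = {"player@example.com": {"dob": "1990-04-01", "password": "old"}}
PENDING = {}          # sha256(token) -> (email, expiry timestamp)
TOKEN_TTL = 15 * 60   # assumed token lifetime in seconds


def weak_reset(email, dob, new_password):
    """Weak form: anyone who knows email + date of birth sets the password."""
    acct = ACCOUNTS.get(email)
    if acct and hmac.compare_digest(acct["dob"], dob):
        acct["password"] = new_password
        return True
    return False


def request_reset(email, dob, now=None):
    """Step 1: details only earn a token, which goes to the registered mailbox."""
    now = time.time() if now is None else now
    acct = ACCOUNTS.get(email)
    if not acct or not hmac.compare_digest(acct["dob"], dob):
        return None
    token = secrets.token_urlsafe(32)              # unguessable, random
    digest = hashlib.sha256(token.encode()).hexdigest()
    PENDING[digest] = (email, now + TOKEN_TTL)     # store only the hash
    return token  # stands in for the link emailed to the account holder


def confirm_reset(token, new_password, now=None):
    """Step 2: the password changes only if the emailed token is presented."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = PENDING.pop(digest, None)              # single use: removed on lookup
    if entry is None or now > entry[1]:
        return False
    ACCOUNTS[entry[0]]["password"] = new_password
    return True
```

In the second flow, knowing the email address and date of birth is not enough on its own: the change also requires access to the mailbox that receives the token.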
We’re not entirely sure what’s happening, but from the site linked above (which is still updating) it looks like there may be a loophole remaining. Nyleveia suggested PSN users should change their email addresses as well as their passwords, but obviously with the sign-in form currently down this isn’t possible.
It does appear that this only resets your password rather than changes it.
The PlayStationEU Twitter has, in the last few minutes, said that this is maintenance due to ISPs finally sending password reset emails from when the PSN stirred back into life. The EU forums have official information on the downtime, although it doesn’t mention any of the above.
Nyleveia say they’ve contacted Sony.
We must stress that we have no information on this other than what’s on Nyleveia.com, and their page has changed a couple of times, adding and removing text.
Further reading: Nyleveia.com, official EU PlayStation forum, NeoGAF.
Peter Rushton
Even if you’ve changed your password for PSN, are you at risk?
Youles
I think so, I think what it’s saying is that (at present) only your email and DOB are required to change your PSN password…such details which could have been obtained in the hack, and that can be obtained from other sites you use. I hope Sony has taken the Sign-In down to add a verification email for any Password changes/resets.
BIGAL-1992
Not Again!
Klart
This is not happening.
djhsecondnature
Not seen any actual evidence that this is remotely true. Someone going off then having access to your email? Sounds very fishy.
Youles
…other than the PSN Sign-In is down.
djhsecondnature
Or that the site in question just deleted all their tweets regarding the matter…
nofi
http://www.neogaf.com/forum/showpost.php?p=27903203&postcount=2012
djhsecondnature
Interesting indeed. But still no actual proof that this is the hack. He says he got a confirmation link still… Worth keeping an eye on though.
Tuffcub
They explained why they deleted the tweets = to be honest this sort of password scam has been around for ages so it sounds legit to me.
djhsecondnature
They hadn’t when I posted the comment though :-p
cc_star
I’m trying to work out what’s happening, but the PlayStation website sign-in being down does add weight to the unverified story. Far too much of a coincidence, surely?
If the security system doesn’t send an email to the registered address with a clickable link to confirm the password change it’s a massive fail, but obviously not having changed my password via any Sony websites I don’t know.
Youles
I’m a little confused by the whole thing now. I changed my password on my PSN account as soon as PSN was back up. However passwords for several other PSN accounts on the same PS3 (such as my wife’s) could not be reset, and as such she cannot sign in until she uses the email link sent to her. Are both our accounts safe, or just mine, or neither of them unless we change the email address associated with them?
What I gather from the PS EU Twitter Blog is that the password reset emails sent out (such as the one for my wife) are currently useless – if she follows the link the subsequent website is down for maintenance.
So as for the DoB and email information, is that what was required for entry once you followed the email link (before the maintenance started)? If so I should be safe (as no link was sent to me) but my wife’s account could be at risk. Unfortunately I can’t remember what details require confirmation in changing your password on your PS3…guess my account isn’t safe until I know this.
djhsecondnature
It does that’s the thing, seems as if someone’s intercepting the email perhaps.
tinman9
But if you changed your email ID address as logon won’t this mean you lose all your trophy history?
This is getting to be a joke and a pain
nofi
No, I’d imagine your unique logon is your username, not the email attached.
amiga_dude
I have changed my e-mail address and my trophies are still there.
In fact I would be amazed if anything you access/view really controls your account. You should not be able to access your “primary key” in the database. If you were ever able to have access to the PK then various hacks would just become trivial and all bets are off.
TSBonyman
I’ve just received 18 messages to my email. No sender and no subject.. obviously I won’t be opening any of them to check them but is anyone else getting the same?
TSBonyman
That’s weird, just reloaded my email and they’ve all disappeared again. Hopefully just a coincidental glitch.. :s
tinman9
Can anybody verify that it’s okay to change your email address on your master PSN account to another?
Will this leave trophy history intact?
I assume that it still logs the data to your PSN id.
Thanks
Awayze
Yeh you can change your email address, I’ve changed it many times and my trophies are still there.
Sympozium
It’s locked to your PSN name
ScottyB
My friend warned me of this exploit as she’s had it happen to her before. Luckily I changed my email as soon as I got back on
ScottyB
@Tinman it doesn’t affect your trophy history when you change emails on any account ;)