We’re getting unverified reports that a way has surfaced for someone to reset your PSN password, apparently given just your PSN email and your date of birth – more information here – and the ability to sign in online via the various PlayStation.com sites has just been removed.
This does happen on other sites, although generally you tend to get an email confirmation first which you need to click to reset your password. Nyleveia are assuming there’s some tricky URL manipulation going on.
We’re not entirely sure what’s happening, but from the site linked above (which is still updating) it looks like there may be a loophole remaining. Nyleveia suggested PSN users should change their email addresses as well as password, but obviously with the sign-in form currently down this isn’t possible.
It does appear that this only resets your password rather than changes it.
The PlayStationEU Twitter has, in the last few minutes, said that this is maintenance due to ISPs finally sending password reset emails from when the PSN stirred back into life. The EU forums have official information on the downtime although it doesn’t mention any of the above.
Nyleveia say they’ve contacted Sony.
We must stress that we have no other information on this other than what’s on Nyleveia.com, and their page has changed a couple of times adding and removing text.
Further reading: Nyleveia.com, official EU PlayStation forum, NeoGAF.
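The difference between the reported email-plus-date-of-birth reset and the usual emailed-link flow, as an added example (not code from Sony or Nyleveia; the account store, function names and sample data are constructed for illustration, and the 3-hour lifetime is taken from the reset email quoted in the comments):

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3 * 60 * 60  # 3 hours, as stated in the quoted reset email

# Constructed sample account (hypothetical data; password hashing omitted).
ACCOUNTS = {"user@example.com": {"dob": "1990-01-01", "password": "old"}}
PENDING = {}  # email -> (sha256 of token, expiry timestamp)


def weak_reset(email, dob, new_password):
    """Reported flaw: email + date of birth alone authorise the reset."""
    acct = ACCOUNTS.get(email)
    if acct and acct["dob"] == dob:
        acct["password"] = new_password
        return True
    return False


def request_reset(email, now=None):
    """Issue a random single-use token; only its hash is kept server-side.
    The return value stands in for the link mailed to the account address."""
    now = time.time() if now is None else now
    if email not in ACCOUNTS:
        return None
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    PENDING[email] = (digest, now + TOKEN_TTL)
    return token


def confirm_reset(email, token, new_password, now=None):
    """Change the password only if the mailed token is presented in time."""
    now = time.time() if now is None else now
    entry = PENDING.get(email)
    if entry is None:
        return False
    digest, expires = entry
    supplied = hashlib.sha256(token.encode()).hexdigest()
    if now > expires or not hmac.compare_digest(digest, supplied):
        return False
    del PENDING[email]  # single use: a replayed link is rejected
    ACCOUNTS[email]["password"] = new_password
    return True
```

With the second flow, knowing the email address and date of birth is not enough: the reset only completes for whoever can read the account's mailbox within the token lifetime.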
tom_lord
I clicked on the headline with blind panic and confusion that the PSN was down and hacked again, it’s not and it’s no biggie.
wuntunzee
It does have a confirm link in the reset confirmation email if you change your password online –
To reset your PlayStation(R)Network password, please click on the link below. This link will expire in 3 hours from the time that it was sent. The link will direct you to a PlayStation(R)Network web page and allow you to enter and confirm your new password.
ScottyB
Wonder why they don’t use that on PSN…
nofi
More info, suggesting Sony are lying about this: http://www.neogaf.com/forum/showthread.php?t=430574
cc_star
Wow.
I’m mobile so can’t read all that link but I think we deserve some clarity from Sony. They have my money, they are entrusted with my details, what the hell are they potentially playing at?
If the link is true: The old “essential maintenance” lie, again? Really? After everything that’s happened, way to win back people’s trust.
OneShotWook
It’s the gift that keeps giving, a free kick in the knackers every time PSN is mentioned.
marshaal5
Is this the biggest smear campaign ever?
Someone somewhere has an agenda, not sure who, where or why, but someone has.
ruinereraser
Either:
1) it’s true, and someone found a way to generate password recovery link tokens,
2) or it’s a big spoof since someone pointed out that they’ve received email with actual changed password phrase in the body of the message (which is obviously a spoof, since Sony never put the actual password in the confirmation email).
amiga_dude
1) Nope. (But has been known to be done before)
2) Sony only sends you e-mail that password change has happened to that PSN account. As you said there is no reference of the password in that email.
If all did happen then hacker has e-mail address and DOB (lot of other stuff as well) and it is this you need to change password if forget/don’t know your password.
If you change your PSN e-mail address it sends e-mail to multiple addresses.
Master Account:
- Old e-mail address
- New e-mail address
Sub Account:
- Master PSN account e-mail address
- Old e-mail address
- New e-mail address
tinman9
thanks Scotty!
besidavi
This has to be a wind-up surely? Reading the article I don’t understand what the problem is, I know there’s some confusion at the moment but it’s not made clear at all. The night the PSN went back up I changed 2 accounts passwords via the email link and got a confirmation back from Sony. It worked fine and the confirmation did not show my new password at all. Can someone tell me I’ve misunderstood this badly?
amiga_dude
Yep. The hackers know your e-mail and DOB. You only need this to change account password, it is there if you forget the password to that account.
The answer to it is simple, it should send e-mail to that account like everywhere else does, that you verify with.
Also Sony has said the passwords have and always have been hashed. To my knowledge they never explained if this was encrypted as well. The 2 are very different things.
The reason why Sony wants to change your password is because in theory you could do a rainbow table.
http://en.wikipedia.org/wiki/Rainbow_table
besidavi
Hmmmm…… clear as mud. Reading around I think I see what’s happened now but don’t become a teacher amiga!
amiga_dude
I don’t mind.
The best explanation of what’s going on now is at
http://www.mcvuk.com/news/44380/Sony-suffers-frech-hack
PS MCVUK liking the graphic
Roynaldo
Seems a pretty basic thing to overlook. Weird.
amiga_dude
I am amazed that in all the years PSN has been going no one thought about this before.
Deathbrin
You never know.