Sony reset suffers setback after security flaw discovered


Sony reset suffers setback after security flaw discovered

Warwick Ashford

Sony has been forced to suspend the PlayStation Network (PSN) and Qriocity password reset web pages after discovering a flaw that could be exploited by hackers.

The beleaguered company firmly denied that its networks had come under fresh hacker attacks as it begins to restore services after a massive data breach in April of up to 100 million users' details.

"We temporarily took down the PSN and Qriocity password reset page," said Sony spokesman Patrick Seybold in a PlayStation blog update.

"Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed," he said.

Restoring PlayStation services

Details of the exploit were not disclosed, but a flaw in the site had made it possible for hackers to change a user's password if they knew the e-mail address and date of birth associated with an account, according to the Bangkok Post.

Sony said users who have not reset their passwords for PSN are encouraged to do so directly on their PlayStation 3 games console, or they will be able to do so via the reset website as soon as it is restored.

The company is attempting to restore services on a country-by-country basis, starting with the Americas, Europe, Australia, New Zealand and the Middle East. It hopes to have all regions restored by the end of May.

But earlier in the week, these regions reported difficulties logging in. The high volume of password-reset requests by online gamers has forced Sony to suspend services to clear the backlogs.

Cybercriminals outwit security

Sony took down the PSN and Qriocity services on 20 April after its datacentre in San Diego was hacked, but did not reveal the breach until 26 April.

The firm has come under fire for the delay, but Sony chief Howard Stringer has defended Sony's actions, saying it acted faster than most companies.

In his latest statements, Stringer claims that most breaches go unreported by companies, and 43% of notifications are made up to a month after the breach.

Stringer said protecting private information is a never-ending process, and in the bad new world of cybercrime, it is impossible to guarantee 100% security.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy