Arik Hesseldahl

Recent Posts by Arik Hesseldahl

In Wake of the Big PlayStation Hack, a New Sony Security Weakness Is Found

The hits just keep on coming at Sony. Only days after it turned its PlayStation Gaming Network back on in the wake of a sophisticated hacking attack that forced Sony to bring it down for three weeks, players are noticing a new security vulnerability.

As part of restarting the service, Sony required players to reset their passwords. The problem? All the account information that the hackers obtained can be used by those attackers to reset the passwords of users. All they need are the birthdate and the email address used with the account, both of which were compromised by the attack. While there’s no word as to whether anyone has taken advantage of the vulnerability, the fact that it’s there is making Sony gamers, already irritated by the attack and the resulting outage, that much more suspicious. It essentially amounts to a security hole that can be exploited by pretty much anyone, making Sony’s security look a bit like Swiss cheese.

Word of the latest troubles comes only a day after Sony rolled out its big executive guns, namely Sony CEO Howard Stringer, as part of a PR offensive to start repairing the damage to its reputation, with repeated promises both from Stringer and from Sony gaming head Kaz Hirai that the gaming network is more secure than before.

In a comment on the latest developments, Sony spokesman Patrick Seybold said, “We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the Web site as soon as we bring that site back up.”

Gaming enthusiast site, which has covered the vulnerability extensively, suggests creating a new account using an email address you create for the PlayStation network and nothing else. It also has a Q&A about the problem. Sony shares, naturally, are down by 33 cents, or more than 1 percent, to $27.74 after rising a little yesterday.