Sony has responded to the reports of the PlayStation Networks login process being exploited. It has posted on its official blog that the network ‘was not hacked’ and that there was a URL exploit that enabled access to a user’s password with the use of a birth date and email address.
We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.
Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.
Sony spokesman Dan Race told Reuters that Sony found the “security hole” on the site that would allow the hackers that had breached Sony’s servers in April to gain access to your account and subsequently change your password.
Interestingly, reports from community site Nyleveia are what tipped us off to the exploit in the first place. Nyleveia states that they discovered the breach and informed Sony of it. This would mean that Sony did not technically find the hole themselves, they were informed of it by an outside party. While Sony states that there was no ‘hacking’ that is splitting hairs as an exploit is normally just the means to performing a hack. In this case the ‘hack’ was the use of the URL exploit to enable the changing of user passwords without their permission.
However you classify the breach, it is yet another setback for Sony in the battle to reassure customers that their private information is safe since the Network was originally hacked back in April.
Race also stated that users with a PlayStation console at home can still change their passwords there.