Customer alerted Sony to new vulnerabilities
Company says unlikely that customer information was compromised due to password reset flaw
Sony has revealed that they were alerted to the password reset insecurities in the PlayStation network password reset system by a consumer via email.
The vulnerabilities in the system, if gone unnoticed, could have opened up millions of users to further data theft as cyber-criminals would have been able to change passwords using only PSN account details and dates of birth, both of which were stolen from almost users during the recent Sony hack. However, Sony says that it is not likely that anyone has accessed consumers' information through this vulnerability.
"It is unlikely that people accessed other users' personal information through this URL, however it is theoretically possible," Sony said in a statement.
The PC management system which allowed users to reset their passwords was taken down at 1:45pm local UAE time on Wednesday, May 18 after Sony were made aware of the defect ten minutes earlier at 1:35pm local UAE time, Wednesday, May 18.
Sony says the vulnerability was not related to the security measures Sony has put in since the hack that saw over 100 million users' data stolen.
"We've increased the security measures for PlayStation Network and Qriocity Services, however this was an unrelated vulnerability from the services themselves," Sony said.
The company has revealed that so far, it has had no indication that any users have been affected by the vulnerability and admit that this password reset insecurity was an unknown flaw in the password reset systems although it says it has a similar problem several years ago.
"This was not a known vulnerability. However we discovered a similar weakness three years ago and fixed it at that time. We were reported a new but similar weakness, and once again, fixed it," said Sony.
The company is so far unable to give any indication of when the service will be back up again although it says it should be up shortly.
Replies to the latest blog post on the PlayStation network official blog indicate that many PSN users are losing patience with the company.
"I was fully supportive of Sony throughout this whole thing, but now it's just getting too much. :( I have a US PS3, a US PSN account and only buy US version games. But becuase i live in China, I still can't sign into PSN. How does that make sense Sony???" said one post on the blog.