PlayStation Network Password Reset Page Exploited

  • Thread starter Thread starter jamesaa
  • Start date Start date
  • Views Views 6,328
  • Replies Replies 53

jamesaa

The Prince of Insufficient Light
Member
Joined
Jan 8, 2006
Messages
677
Reaction score
49
Trophies
1
XP
1,337
Don't think this has been posted.

QUOTE said:
According to reports on Nyleveia.com, Eurogamer, and NeoGAF, Sony's PlayStation Network password reset system-the one just put in place after the PSN hack-has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. Exactly the sort of information that was released in the original hack.

Sony has taken the password reset system offline. Kotaku has reached out to Sony for comment.

Source: http://kotaku.com/5803050/

EDIT:

Updates:
QUOTEUpdate 1: The good news (as pointed out by NeoGAF's "Metalmurphy") is that if your account was compromised, you should have gotten an email from PSN that says your password has been reset.

Update 2: An official community moderator on the EU PlayStation forums notes the following services are offline:

PlayStation.com
PlayStation forums
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
All PlayStation game title websites

Update 3: This is the purported exploit as provided to Kotaku. As PlayStation services are now offline, this exploit is no longer able to be executed:

The prodecure is as follows:
1) Navigate to : https://store.playstation.com/accounts/rese...rd.action?token (this is normally, via email, https://store.playstation.com/accounts/rese...YYYYYYYYYYYYYYY with the y's being a unique token) - do not enter the code at this point.
2) Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click "Reset using E-mail"
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account
 
rofl.gif


WOW.
 
I think this has gone too far. The goal must be to completely shut Sony down. It appears they are on the right track. Looks like M$ here I come.
 
Lately it seems like these hackers are deliberately exploiting Sony through any means necessary, through any connection possible.

But good lord, security 101 fail.
 
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread
 
Bwahahaha that was inevitable, I wonder what Sony will do next and what will be the hackers reply, man this keeps getting better and better.
 
chartube12 said:
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

I added bold tags to a specific part of the text for a reason... You did read it right?
 
Things are getting out of controll now... these hackers shouldn't go all terrorism against sony as they are.. and sony should get their act together and not make it so easy for the hackers.... but BOTH parts should stop fucking around

Edit:

jamesaa said:
chartube12 said:
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

I added bold tags to a specific part of the text for a reason... You did read it right?

I never knew this was a place full of hackers? I thought we (some of us) just were pirates and/or game lovers.
 
chartube12 said:
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread
The sites are down. You can only reset your password via a PS3 right now.
 
I don't understand why this was necessary anyway...

I had forgotten the password to my account, so entered the email and the DOB on the account (which the hackers would have had access to) and reset the password without any "exploitation" necessary. There was no need for any hack at all.

EDIT: And if they had your old password anyway, they could have changed your password with that, unless you already changed it, in which case, only email and DOB are necessary, both of which they would have had. I really don't understand this news or the shock it has caused...
 

Site & Scene News

Popular threads in this forum