PlayStation Network Password Reset Page Exploited

jamesaa

The Prince of Insufficient Light
OP
Member
Joined
Jan 8, 2006
Messages
673
Trophies
0
XP
1,264
Don't think this has been posted.

QUOTE said:
According to reports on Nyleveia.com, Eurogamer, and NeoGAF, Sony's PlayStation Network password reset system-the one just put in place after the PSN hack-has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. Exactly the sort of information that was released in the original hack.

Sony has taken the password reset system offline. Kotaku has reached out to Sony for comment.

Source: http://kotaku.com/5803050/

EDIT:

Updates:
QUOTEUpdate 1: The good news (as pointed out by NeoGAF's "Metalmurphy") is that if your account was compromised, you should have gotten an email from PSN that says your password has been reset.

Update 2: An official community moderator on the EU PlayStation forums notes the following services are offline:

PlayStation.com
PlayStation forums
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
All PlayStation game title websites

Update 3: This is the purported exploit as provided to Kotaku. As PlayStation services are now offline, this exploit is no longer able to be executed:

The prodecure is as follows:
1) Navigate to : https://store.playstation.com/accounts/rese...rd.action?token (this is normally, via email, https://store.playstation.com/accounts/rese...YYYYYYYYYYYYYYY with the y's being a unique token) - do not enter the code at this point.
2) Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click "Reset using E-mail"
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account
 

Warrior522

"In all things, balance."
Member
Joined
Jul 21, 2010
Messages
826
Trophies
0
XP
155
Country
United States
rofl.gif


WOW.
 

impizkit

Lazy Lurker
Member
Joined
Apr 6, 2010
Messages
942
Trophies
0
XP
139
Country
I think this has gone too far. The goal must be to completely shut Sony down. It appears they are on the right track. Looks like M$ here I come.
 

RupeeClock

Colors 3D Snivy!
Member
Joined
May 15, 2008
Messages
6,453
Trophies
0
Age
32
Website
Visit site
XP
2,205
Country
Lately it seems like these hackers are deliberately exploiting Sony through any means necessary, through any connection possible.

But good lord, security 101 fail.
 

chartube12

Captain Chaz 86
Member
Joined
Mar 3, 2010
Messages
3,918
Trophies
0
XP
2,163
Country
United States
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread
 

SamAsh07

Well-Known Member
Member
Joined
Jan 27, 2009
Messages
2,696
Trophies
0
Age
31
Location
Bahrain
XP
581
Country
Bosnia and Herzegovina
Bwahahaha that was inevitable, I wonder what Sony will do next and what will be the hackers reply, man this keeps getting better and better.
 

jamesaa

The Prince of Insufficient Light
OP
Member
Joined
Jan 8, 2006
Messages
673
Trophies
0
XP
1,264
chartube12 said:
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

I added bold tags to a specific part of the text for a reason... You did read it right?
 

Issac

Iᔕᔕᗩᑕ
Supervisor
Joined
Apr 10, 2004
Messages
6,904
Trophies
1
Location
Sweden
XP
6,247
Country
Sweden
Things are getting out of controll now... these hackers shouldn't go all terrorism against sony as they are.. and sony should get their act together and not make it so easy for the hackers.... but BOTH parts should stop fucking around

Edit:

jamesaa said:
chartube12 said:
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

I added bold tags to a specific part of the text for a reason... You did read it right?

I never knew this was a place full of hackers? I thought we (some of us) just were pirates and/or game lovers.
 

Jamstruth

Secondary Feline Anthropomorph
Member
Joined
Apr 23, 2009
Messages
3,462
Trophies
0
Age
28
Location
North East Scotland
XP
657
Country
chartube12 said:
And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread
The sites are down. You can only reset your password via a PS3 right now.
 

SifJar

Not a pirate
Member
Joined
Apr 4, 2009
Messages
6,022
Trophies
0
Website
Visit site
XP
1,172
Country
I don't understand why this was necessary anyway...

I had forgotten the password to my account, so entered the email and the DOB on the account (which the hackers would have had access to) and reset the password without any "exploitation" necessary. There was no need for any hack at all.

EDIT: And if they had your old password anyway, they could have changed your password with that, unless you already changed it, in which case, only email and DOB are necessary, both of which they would have had. I really don't understand this news or the shock it has caused...
 
General chit-chat
Help Users
    gudenau @ gudenau: This source file is now valid C, C++, Java and Scala.