PlayStation Network Password Reset Page Exploited

[jamesaa]

Don't think this has been posted.

According to reports on Nyleveia.com, Eurogamer, and NeoGAF, Sony's PlayStation Network password reset system-the one just put in place after the PSN hack-has been compromised, allowing hackers to change a PSN password if they know your email and date of birth. Exactly the sort of information that was released in the original hack.

Sony has taken the password reset system offline. Kotaku has reached out to Sony for comment.

Source: http://kotaku.com/5803050/

EDIT:

Updates:
QUOTEUpdate 1: The good news (as pointed out by NeoGAF's "Metalmurphy") is that if your account was compromised, you should have gotten an email from PSN that says your password has been reset.

Update 2: An official community moderator on the EU PlayStation forums notes the following services are offline:

PlayStation.com
PlayStation forums
PlayStation Blog
Qriocity.com
Music Unlimited via the web client
All PlayStation game title websites

Update 3: This is the purported exploit as provided to Kotaku. As PlayStation services are now offline, this exploit is no longer able to be executed:

The prodecure is as follows:
1) Navigate to : https://store.playstation.com/accounts/rese...rd.action?token (this is normally, via email, https://store.playstation.com/accounts/rese...YYYYYYYYYYYYYYY with the y's being a unique token) - do not enter the code at this point.
2) Open a new tab in firefox, and go to fr.playstation.com (other pages will work too most likely), and click Login (Connexion)
3) Click Recover password
4) Enter the email and date of birth of the target account
5) Click continue, then on the confirmation page, click "Reset using E-mail"
6) Switch back to the original tab, and enter the code, then click continue
7) You will now be asked to enter a new password for the target account

 

[WiiUBricker]

Thats bad news.

 

[MelodieOctavia]

LOL (Insert comment about Karma here)

 

[terminal_illness]

what a bunch of idiots. i want my info back. we should all jump on the class action suit.

 

[Warrior522]

WOW.

 

[Bladexdsl]

way to go failony!

 

[coolness]

whaaaaaaaaaaaaaaah i fucking hate those hackers :@

 

[impizkit]

I think this has gone too far. The goal must be to completely shut Sony down. It appears they are on the right track. Looks like M$ here I come.

 

[naglaro00]

Already changed my email

 

[RupeeClock]

Lately it seems like these hackers are deliberately exploiting Sony through any means necessary, through any connection possible.

But good lord, security 101 fail.

 

[jamesaa]

Network security? How hard can it be?

 

[Fishaman P]

WHAT. THE. FUCK.

Sony's... 4th blunder now, isn't it?

They're going under.

NO ONE is going to download ANY digital content.

 

[chartube12]

And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

 

[Tonitonichopchop]

All I can say is "WOW".

 

[SamAsh07]

Bwahahaha that was inevitable, I wonder what Sony will do next and what will be the hackers reply, man this keeps getting better and better.

 

[jamesaa]

And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

I added bold tags to a specific part of the text for a reason... You did read it right?

 

[Issac]

Things are getting out of controll now... these hackers shouldn't go all terrorism against sony as they are.. and sony should get their act together and not make it so easy for the hackers.... but BOTH parts should stop fucking around

Edit:

And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

I added bold tags to a specific part of the text for a reason... You did read it right?

I never knew this was a place full of hackers? I thought we (some of us) just were pirates and/or game lovers.

 

[Jamstruth]

And your posting how to do this on a site full of hackers because?...... You fucking jackass if my account gets stolen now, I'm blaming you for posting the "how to" in this thread

The sites are down. You can only reset your password via a PS3 right now.

 

[SifJar]

I don't understand why this was necessary anyway...

I had forgotten the password to my account, so entered the email and the DOB on the account (which the hackers would have had access to) and reset the password without any "exploitation" necessary. There was no need for any hack at all.

EDIT: And if they had your old password anyway, they could have changed your password with that, unless you already changed it, in which case, only email and DOB are necessary, both of which they would have had. I really don't understand this news or the shock it has caused...

 

[Ace Overclocked]

this is so fucked up
sony is going down if this keeps up