Sony had password recovery exploit, trying to hide it

Basically unathorized individuals could gain access to users' accounts simply by knowing their email and date of birth. The hole is in the process of being plugged after this guy informed Sony about it. Sony claims site is down for maintenence in order to improve mail sendout process/not telling the truth.

NeoGAF

Q. If I already reset my password am I safe?
A. The exploit was possible on any account the email and date of birth was known for, regardless of if the password was changed or not, or what region the account was tied to.

Q. What if they don't know my Date of Birth or Email account?
A. Then the average user would not be able to take your account, however due to the database being illegally accessed in April, it's safe to assume that someone, somewhere, has access to a large number of users details, which include date of birth and email addresses, this alone should be reason enough to change your email.

Q. Are you sure this is real?
A. Yes, it was demonstrated to one of our empty accounts, then we were able to repeat the process ourselves after figuring out the method, this was additionally confirmed when a twitter user provided us with his data and requested that we change his password as proof.
We have since emailed him his new password, and no other data on his account was changed.

Q. Can Sony fix it?
A. Shortly after containing SCEE, the online forms connected to login and password recovery for the PlayStation and other linked networks was shut down and placed in a maintenance mode, I can only assume this is a direct response to our detailed reports to SCEE, with that said, I assume that when services resume the exploit will be patched and everyone's data once again safe.

Q. If Sony fixes the hole should I worry?
A. I would suggest that everyone, regardless of if they have been affected or not, create a new password and change their account email to one they do not use anywhere else, and will not be sharing with anyone else just for additional security.

Q. Will you give us more details on the exploit?
A. Until we have confirmed that the security hole has been patched we will not release further details on how and why the exploit was possible.

SourceNylevia

ok they fixed it so what? it's nice he informed them about it.

Hmm, I guess Sony being phony is no baloney. :twisted:

:P

Lol @ Sony

sony is pathetic

thats it, i want facial recognitions and fingerprint scans in ps4Heil68

Wow you mean Super Network Kaz couldn't detect a backdoor exploit? According to String the Sony IT department is the greatest in the industry.....

3rd game for free incoming.

I had to use the feature before the first hack (you had to input your email and d.o.b. to reset your password). I had to because I forgot my password lol. I spent 20 million years trying to reset it though because I forgot I used a different year for my birthday because I was 16 when I signed up :P.

thats it, i want facial recognitions and fingerprint scans in ps4Heil68

ok they fixed it so what? it's nice he informed them about it.

dipsetboy17

Everyone's just real lucky a good guy reported it so quickly.

Changed my PSN email just in case.

GiantBomb is reporting on it as well.

Why is Sony so incompetent?

Haziqonfire

thats it, i want facial recognitions and fingerprint scans in ps4Heil68

#lolpsn

Isn´t it a phishing scam?

wow sony. pathetic.

[QUOTE="Heil68"]thats it, i want facial recognitions and fingerprint scans in ps4river_rat3117

Sony should stop playing games and stop trying to hide from their problems. Their brand is already tarnished. Man up Sony.