May 18, 2011
Sony Discovers New Security Hole
Sony Corp said on Wednesday that it has shut down a website set up to help millions of users affected by April's data breach after finding a "security hole."
The site had been designed to help 77 million users of its PlayStation Network reset their passwords after discovering hackers had obtained personal information from the accounts.
Sony alerted its customers on its PlayStation website about the issue.
Sony spokesman Dan Race said the company found the security hole on a webpage that could potentially allow the hackers who hacked the network in April to access their accounts using the data they had already stolen.
"If I had your email and your birth date I could have potentially got access to your account," Race said in a statement.
Sony said that it temporarily took down the PlayStation Network password reset page, as well as that of its Qriocity music service.
Sony shut down its PlayStation Network globally last month and has slowly started to restore access.
Analysts said the company faces a tough road ahead in addressing the security issues brought to light by the security breach.
Sony said no hacking had taken place on this website and that PlayStation Network account holders can still change their passwords on their PlayStation consoles at home.
Nyleveia, a videogames blog, reported that Sony's reset process was not properly verifying Authentication Tokens, which are small files used to establish a secure connection between consoles and the PlayStation Network.
The company said engineers are working to patch the vulnerability.
PlayStation 3 owners who have already changed their passwords are able to play games online, but those who have not will have to wait until the problem is resolved.
On the Net: