Sony suffers further ignominy as PSN password exploit exposed
Account email and DOB allows anyone to change PSN passwords via reset page
Sony's efforts to control the negative press surrounding the PSN security breach have suffered yet another blow after it was been revealed that an exploit on the web page used to reset PSN passwords allows anyone with access to a user's account email and date of birth to change the password.
What compounds the problem for Sony is that this information was part of the data compromised during the PSN security breach itself.
Video evidence of the exploit was passed to Eurogamer.net having been exposed on Nyleveia.com. It is not known how many accounts were affected.
The page itself has now been taken down, meaning that the mandatory password reset for returning customers is currently unavailable.
"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," Sony said in a statement. "This is due to essential maintenance and at present it is unclear how long this will take.
"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
Sony has been contacted for a response regarding the situation.