Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Sony takes down PlayStation Network after URL error

A Web programming glitch could lead to account takeover

Nothing comes easy to Sony these days. The company was forced to take part of its Sony PlayStation Network offline briefly on Wednesday as it fixed a Web glitch that gave hackers a way to take over users' accounts.

Sony was hacked last month, and since Saturday had been bringing its PlayStation Network (PSN), Sony Online Entertainment network and Qriocity sites back online. To lock down the networks' security, Sony has been asking users to reset their passwords, but now a Web programming error has ground that process to a halt.

According to a discussion forum posting by Sony, the company has turned off its sign-in feature for PlayStation.com, Qriocity, PlayStation blogs, forums and gaming websites as well as Music Unlimited on the Web.

Midday Wednesday the company gave a vague description of what had happened.

"We temporarily took down the PSN and Qriocity password reset page," Sony spokesman Patrick Seybold said in a posting to its PlayStation blog. "In the process of resetting of passwords there was a URL exploit that we have subsequently fixed." Contrary to some reports, the site had not been hacked, Seybold said.

Sony didn't say exactly what it meant by "URL exploit," but according to the gaming blog Nyleveia, Sony's password reset page was configured so that anyone who knew their victim's e-mail address and birth date could take over that account.

Seybold said this was due to a "vulnerability in the password reset form," but did not publish details of how the password reset could be done.

"Consumers who haven't reset their passwords for PSN are still encouraged to do so directly on their PS3," Seybold wrote. "Otherwise, they can continue to do so via the website as soon as we bring that site back up."

About 77 million gamers use the PSN.

Another of Sony's networks, the Sony Online Entertainment network, is apparently unaffected by the problem. It continued to operate online Wednesday.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: etwork, IDG, Seybold, Sony
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Game platforms, games, security, sony
Latest Blog Posts
Whitepapers
  • Web 2.0 in the Workplace Today
    More than a decade after the term ‘Web 2.0’ was coined, many businesses are still nowhere near to taking full advantage of the collaborative technologies the term refers to. Undoubtedly, confidence is growing in relation to using tools such as Facebook, Skype, Twitter, and indeed many more organisations are using such technology now compared to even just a couple of years ago. But the fact remains that a worrying amount of businesses seem to be operating a ‘lockdown’ approach – an approach that I’m sure many Board-level staff know is simply not good for business in the long-term.
    Learn more »
  • Botnets: The dark side of cloud computing
    Botnets pose a serious threat to your network, your business, your partners and customers. Botnets rival the power of today’s most powerful cloud computing platforms. These “dark” clouds, controlled by cybercriminals, are designed to silently infect your network. Left undetected, botnets borrow your network to serve malicious business interests. This paper details how you can protect against the risk of botnet infection using security gateways that offer comprehensive unified threat management (UTM).
    Learn more »
  • 10 Mobile Security Requirements for the Bring Your Own Device (BYOD) Enterprise
    An enterprise mobility strategy needs to include more than the provisioning and security services available through mobile application and MDM solutions. To meet the mobility and security requirements of mobile users, enterprises need to look at deploying a solution for mobile content management (MCM) that supports BYOD policies. Read this whitepaper to learn: Why provisioning for mobile users has become more complex; Ten requirements to consider when selecting a mobile content security solution.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments