Share

Related Links

  • Computer Weekly
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

Top 5 Stories

News

Sony reset suffers setback after security flaw discovered

19 May 2011

Sony has been forced to suspend the PlayStation Network (PSN) and Qriocity password reset web pages after discovering a flaw that could be exploited by hackers.

The beleaguered company firmly denied that its networks had come under fresh hacker attacks as it begins to restore services after a massive data breach in April of up to 100 million users' details.

"We temporarily took down the PSN and Qriocity password reset page," said Sony spokesman Patrick Seybold in a PlayStation blog update.

"Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed," he said.

Restoring PlayStation services

Details of the exploit were not disclosed, but a flaw in the site had made it possible for hackers to change a user's password if they knew the e-mail address and date of birth associated with an account, according to the Bangkok Post.

Sony said users who have not reset their passwords for PSN are encouraged to do so directly on their PlayStation 3 game console, or they will be able to do so via the reset website as soon as it is restored.

The company is attempting to restore services on a country-by-country basis, starting with the Americas, Europe, Australia, New Zealand and the Middle East. It hopes to have all regions restored by the end of May.

But earlier in the week, these regions reported difficulties logging in. The high volume of password-reset requests by online gamers has forced Sony to suspend services to clear the backlogs.

Cybercriminals outwit security

Sony took down the PSN and Qriocity services on April 20 after its data center in San Diego was hacked, but did not reveal the breach until April 26.

The firm has come under fire for the delay, but Sony chief Howard Stringer has defended Sony's actions, saying it acted faster than most companies.

In his latest statements, Stringer claims that most breaches go unreported by companies, and 43% of notifications are made up to a month after the breach.

Stringer said protecting private information is a never-ending process, and in the bad new world of cybercrime, it is impossible to guarantee 100% security.

This story was first published by Computer Weekly

This article is featured in:
Data Loss  •  Identity and Access Management

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×