Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

Sony reset suffers setback after security flaw discovered

The beleaguered company firmly denied that its networks had come under fresh hacker attacks as it begins to restore services after a massive data breach in April of up to 100 million users' details.

"We temporarily took down the PSN and Qriocity password reset page," said Sony spokesman Patrick Seybold in a PlayStation blog update.

"Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed," he said.

Restoring PlayStation services

Details of the exploit were not disclosed, but a flaw in the site had made it possible for hackers to change a user's password if they knew the e-mail address and date of birth associated with an account, according to the Bangkok Post.

Sony said users who have not reset their passwords for PSN are encouraged to do so directly on their PlayStation 3 game console, or they will be able to do so via the reset website as soon as it is restored.

The company is attempting to restore services on a country-by-country basis, starting with the Americas, Europe, Australia, New Zealand and the Middle East. It hopes to have all regions restored by the end of May.

But earlier in the week, these regions reported difficulties logging in. The high volume of password-reset requests by online gamers has forced Sony to suspend services to clear the backlogs.

Cybercriminals outwit security

Sony took down the PSN and Qriocity services on April 20 after its data center in San Diego was hacked, but did not reveal the breach until April 26.

The firm has come under fire for the delay, but Sony chief Howard Stringer has defended Sony's actions, saying it acted faster than most companies.

In his latest statements, Stringer claims that most breaches go unreported by companies, and 43% of notifications are made up to a month after the breach.

Stringer said protecting private information is a never-ending process, and in the bad new world of cybercrime, it is impossible to guarantee 100% security.

This story was first published by Computer Weekly

What’s Hot on Infosecurity Magazine?