UPDATE: Sony is now denying that any new hack has occurred.
It has been only 2 days since Sony began restoring some services of its PSN network and Qriocity. Online multiplayer became available for most people on Sunday, prompting a general hallelujah from most PS3 gamers.
As a component of their initial restoration, PSN users are required to change their passwords. Sony sent emails to its customer with a link to a login page to do just that. Sony also said that these passwords could only be changed via on singular console in the future.
It appears as though Sony may have suffered another breach, just hours after it began to get everything back online. This would mean that after Sony made a huge deal about “verifying security” before bringing their services online, they might have failed within 48 hours.
Nyleveia first reported that a “new hack is currently doing the rounds in dark corners of the internet.” This breach allows hackers to change user passwords simply by using the email associated with the PSN accounts and the user’s date of birth.
Both of which are pieces of information that Sony admitted were obtained by hackers during the initial breach in April that caused the nearly month-long outage of the PSN.
From the poster on Nyleveia:
It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real.
I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.
While we originally assumed this was a poor hoax designed only to stir the community into another frenzy, the individual who we are in contact with requested just two pieces of information from us: this being an account email and the date of birth used for that account. We promptly created a new account via us.playstation.com and provided the individual with the email address and date of birth used.
Roughly a minute later they requested that we try to login with the password we used for the account (which they did not know at any point), and sure enough, we were presented with an invalid username and/or password prompt.
Eurogamer later confirmed this info.
The website that the password change email directs users towards is currently down, and PSN sign-in is unavailable on Playstation.com and Playstation forums. Concerning this takedown of the login site, Sony has reported it as a maintenance issue:
“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take,” Sony said, “In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”
Yesterday, Sony unveiled the details of their “Customer Appreciation Program,” aka their apology with merchandise. It offers free games, premium PSN services and more.
If this all proves to be accurate, there’s no telling what it will do to the already shaky confidence that people have in Sony.