Two days after the Playstation Network’s restoration, a URL exploit temporarily compromised users’ password security, allowing hackers to reset users’ passwords with their e-mail address and date of birth.
And guess what had been made available to hackers over the month-long initial PSN attack?
Fortunately, Sony took the PSN password page down almost immediately – within 15 minutes of being informed by user Nylevia of the situation. Websites like Playstation.com cannot currently be used to access PSN. Consoles remain unaffected. A subsequent Sony update on the Playstation Blog stated:
“We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.”
For more details, check ars technica’s article on the situation.