Just two days after the PlayStation Network was restored after a near month-long outage, the PSN password page has apparently been exploited. According to reports, the exploit allows other users to reset your account password using only your e-mail address and date of birth. This personal data was made available to hackers during the initial PSN attack.[Previous TGIS]
The issue was first reported by Nyleveia, which was contacted by an unnamed source who reportedly performed the hack on a dummy account, prompting an e-mail message confirming that the password had been changed. Similar reports on gaming forum NeoGAF show an identical situation, in which the user provided the necessary information only to receive two subsequent e-mails: one claiming that someone was attempting to change the account's password and requesting the user click on a confirmation link, and another confirming that the password had been changed.
"I never clicked the confirmation link," the user wrote. "So yeah... my password was successfully changed by someone else."
20 May 2011
TGIS: Thank God It's Schadenfreude! (320)
This week's joy in the misfortune of others comes courtesy of Ars Technica (from Wednesday, May 18; link good at time of posting):