Triangle Circle Shapes
Square Cross Shapes

Posted 6:57pm

Update on PSN Password Reset Process

We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.

Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up.

Did you enjoy this?

Comments

138 Comments 0 Author replies
Show oldest first
Gustav_zet 18 May, 2011 @ 7:11 pm   1

Plz add me on PSN Gustav_zet. I paly COD: Black Ops

ShadowDoGGG 18 May, 2011 @ 7:13 pm   2

Well it was an exploit because it meant that anyone with the user’s e-mail and date of birth could change their password without any other intervention and because this information was most likely in the list of stolen details.

Still, good job that the person who found it quickly told you and this time you took action.

Skookie30 18 May, 2011 @ 7:16 pm   3

hope the person that told sony of the fault wasn’t a Hacker :O

Skaterchu-habbo 18 May, 2011 @ 7:19 pm   4

This time hey don’t sayed when back online???

SteadiestShark 18 May, 2011 @ 7:20 pm   5

Is it worth changing my password again? >_>

Idamagaron 18 May, 2011 @ 7:21 pm   6

Still, this is an amateur mistake to make, no user should be able to change their password without having a reset token sent to their email account to properly verify ownership of the account. Even the most basic of user systems generally have better authentication than using birth date and email as proof, especially as this data was recently compromised (though it is freely available on some sites).

Anyway, rant out of the way, I’m glad you discovered this exploit soon and patch it before any real damage (I hope) has been caused.

Nightmare966 18 May, 2011 @ 7:27 pm   7

Well, now that’s fixed, I guess now everything goes back to *fully* normal. Good for the media who contacted you too, I applause them, because anyone else would have just posted right away without even contacting you.

Reaperman 18 May, 2011 @ 7:29 pm   8

C’mon Sony! You’d think after the month of hell you’d had, you had thought of better security for the password reset process! I’m getting worried you’re just institutionally lax with security, I hope I’m wrong as I’ve been loyal to the playstation brand since my PS1 back in 1995. At least you’ve communicated quicker this time.

TwilightMum2010 18 May, 2011 @ 7:33 pm   9

So if you have fixed the problem when are you going to get the site back up amd running for those with emails waiting to be clicked?

immortalnub 18 May, 2011 @ 7:37 pm   10

Sony, I love you and everything, but seriously, sort your act out, you’re going to lose customers.

anonymus212 18 May, 2011 @ 7:38 pm   11

Any closer to the PS Store being brought up again Nick ? Are we getting there ?

DBcoopmore 18 May, 2011 @ 7:39 pm   12

Really? This is getting a little ridiculous now.

saumibane 18 May, 2011 @ 7:44 pm   13

OMG ALL the PPL Have u guys Got any clue how much money and time it takes to finish a hack thing.When XBOX was down for 3 weeks its the same.NOW ALL the guys complete ur trophies

LawnMower000 18 May, 2011 @ 7:46 pm   14

it’s ridiculous. that email for resetting my pw took 3 f’ing days. and then the link I have to klick on says “under maintenance”. I want to get into my main account. how am I supposed to get my account working??? I even already called the German support number but all they said was: “well, err, we don’t know.” and hung up on me.
give me an all the others some information. please.

lil_mOO 18 May, 2011 @ 7:47 pm   15

Do we only get the emails sent to us if we change our passwords by the website and not our PS3s? I changed mine via PS3 a few days back and it never said anything about an email (which I haven’t got). Also, any news when the store will be back online? (Which reminds me, I need to cancel my credit card… Meh).

CainCZ 18 May, 2011 @ 7:48 pm   16

Any news about the PSN Store? :) Is it going to be up and running till the end of the week?

Cloudedpaul 18 May, 2011 @ 7:51 pm   17

i had to recover another account last night, clicked email and received my email instantly, i dont understand how its worked twice for me now instantly and not for others, but yeah as others have said well done for getting it sorted fast

buckrogers1 18 May, 2011 @ 7:51 pm   18

will the Playstation Store be back up before June.

samuelcd1997 18 May, 2011 @ 7:56 pm   19

Soo, any news on PS Store.
I really want to play MK9 online and i cant without putting my code in the store first…

PHILYPOT08 18 May, 2011 @ 8:01 pm   20

for people who are asking bout PS STORE it will be up and running by 31st of may it could be any time between now & end off may from what ive been told they are close to getting it up and running (HOPE SO) :D

iDanGeR_8 18 May, 2011 @ 8:04 pm   21

sony i love me =)

iDanGeR_8 18 May, 2011 @ 8:05 pm   22

^^
you

spikkle 18 May, 2011 @ 8:12 pm   23

Just do it on your PS3, no need to get your email account involevd then

Szamal 18 May, 2011 @ 8:12 pm   24

so do i have to change my password again?

lil_mOO 18 May, 2011 @ 8:14 pm   25

You’d only need to change your password again if someone else has changed it using the exploit. If you can log in fine on your PS3, then I think it should be fine.

spikkle 18 May, 2011 @ 8:21 pm   26

Guys wheever your password is changed, you get sent an email. If you get one when you know you DIDNT change it, or if you changed it yesterday, got a confimnration email but then recieved another one, then worry bout it.

Otherwise dont.

ieatpixels 18 May, 2011 @ 8:28 pm   27

I thought it would be exploitable haha.

Reaperman 18 May, 2011 @ 8:34 pm   28

@saumibane As a network engineer, yes I do know how an incursion, or as you expertly stated a ‘hack thing’ can take a lot of time to sort.. What we are all saying, and I don’t think you’ve grasped this is that this is a new, unrelated process to the hack, and Sony have blundered into another security issue. You’ll also note that many of us support Sony, but are getting a little tired of these screwups.

wezer1871 18 May, 2011 @ 8:35 pm   29

my account got hacked ages ago but when i tried using that site to see if i could get it back it said this account doesnt exist could he of changed the accounts email?

DBcoopmore 18 May, 2011 @ 8:41 pm   30

No replies again?

hotdog_hunter 18 May, 2011 @ 8:47 pm   31

How do you change your password via ps3? when i click on the change pw thing it says sent to email. but on this account i just did it there and then?

wezer1871 18 May, 2011 @ 8:48 pm   32

nick please answer my question i wunna know if i can get my account back

KRISSINATOR 18 May, 2011 @ 8:49 pm   33

When the hell will the people who live in countries that do not support the playstation store be able to change their passwords??

WOOP_YA_ASS 18 May, 2011 @ 8:52 pm   34

WILL WE B TOLD WHEN THA PASSWORD RESET PAGE WILL BE UP AGAIN OR ARE WE 2 JUST GUESS !!!!

lil_mOO 18 May, 2011 @ 8:53 pm   35

If you’ve updated to the newest version on your PS3, you should be able to change the password there (on your PS3), It’s what I did (didn’t get any emails about it though). The version you should be on now is 3.61.

WOOP_YA_ASS 18 May, 2011 @ 8:57 pm   36

NEW AD CAMPAIGN 4 $$$ONY

$ONY
making.excuses

helghast102 18 May, 2011 @ 9:02 pm   37

Shut up Dr. CAPSLOCK.

JolipinatorJG 18 May, 2011 @ 9:04 pm   38

Any word on the store coming back?

LawnMower000 18 May, 2011 @ 9:05 pm   39

@lil_m00.
no. I for example have never downloaded anything from the ps store since I prefer to hold my games and videos as a disc in my hands. that means according to the Sony instructions that the account is not activated on your ps3 so the hackers that got our data could j be faster than us and use a random ps3 to change our pw’s and get our accounts. that’s y they send those of us emails instead. however Sony f’ed it up. it’s not our email browsers. cause when u create a new account u get an email instantly. so it’s not the mail providers. it’s Sony. they screwed up again nd now fail at helping us at getting our main accounts by not replying/reacting.

Thank you for clearing that up.

Thebackupacc 18 May, 2011 @ 9:08 pm   41

So. when?

JordanBlack68 18 May, 2011 @ 9:08 pm   42

Credit to Nyleveia for contacting Sony first and not releasing the exploit, it took Sony 15 mins from the first contact to shut it down, kudos for being fast.

Just when you thought it was safe… :(

Thebackupacc 18 May, 2011 @ 9:09 pm   44

tomoz i guess…

TJC_69 18 May, 2011 @ 9:12 pm   45

Come on Sony. Help these people out.

There are still people who don’t have access to their accounts.
Whose idea was it to send all these e-mails anyway ?
It has to be the most braindead idea ever. You are punishing people for not downloading from PS Store before your inadequate Californian Servers were compromised. I was using a new PS3 when this happened , I didn’t get time to use the store for a quick download . And if 3.5 weeks wasn’t bad enough , I had to wait 48 hours for my e-mail. Would you be happy if that was you?

Why couldn’t everyone just get the same password reset option when PSN went back up ?

Help these guys out , they don’t deserve this treatment.

Skookie30 18 May, 2011 @ 9:13 pm   46

but if you forgot your password you got no choice you have to use the email & the password reset site.

@nick i got a question i forgotten my password it was a long 1 so i went yesterday on that site i‘m i Safe?

thanks :|

WOOP_YA_ASS 18 May, 2011 @ 9:15 pm   47

@TJC

MY POINT EXACTLY!! I WAITED 48HRS FOR E-MAIL THEN Y’ALL SHUT DOWN THE PASSWORD RESET PAGE !!! U CANT MAKE THIS STUFF UP !! :(

Siegor 18 May, 2011 @ 9:43 pm   48

Quick question: for people like me who changed their password via PS3 do we need to change it again or is this only applicable to those who changed their password via e-mail?
Thanks for your time.

jason54400 18 May, 2011 @ 9:54 pm   49

come on people calm down!

Like i said in a comment to a different blog post is that i feel people are lucky to get PSN on this quick as coding and testing takes time

thats oprobably one reason why te store isnt up yet due to it not being fully recoded/tested

there will be little bugs/exploits as personally sony should of let it until the beginning of next month to bring it all back on!

people wanted it back on as soon as possible, sony thought they would try and make people happy by potentiall “rushing” it causing these bugs but people are still not happy!

maybe if there was less initial “moaning” then it wouldnt be up now and would likely to be more secure if it was left off for another week or two while they were still working on the store

i coded as part of my computing a level and know what it involves thats why i personally think it was “rushed” slightly just to make online gamers happy

this is just my opinion thouh people and i could be wrong about things

CoolRichy008UK 18 May, 2011 @ 9:58 pm   50

i had no trouble changing my passwords on BOTH my accounts soon as i logged in it told me to change it i changed it and volla all is fine and WOOP_YA_ASS STOP MOANING or get a xbox

WOOP_YA_ASS dont apreciate how long it has taken sony to fix this problem no respect

Load all