A Sony password reset page, which may have been vulnerable to a security exploit, currently down "for maintenance."
Sony's long cybersecurity nightmare may not be over quite yet.
On Wednesday, reports began to surface that the company's PlayStation Network (PSN) has been breached yet again, this time via a vulnerability in its password reset interface. The bug was first reported by the gaming site Nyleveia.com, which also sent me a video of what seems to the exploit in action.
Using just a simple browsing trick, the demonstration video shows a user resetting the password for an account using only an email address and date of birth. Both those pieces of information were among the mass of data that Sony has said was stolen by hackers from its network last month. Meanwhile, Sony has taken down its password reset site "for maintenance."
I've contacted Sony for comment but have yet to hear back from the company.
If the reports of a vulnerability bear out, there's still no evidence that the bug is being exploited by hackers who have access to users' emails and dates of birth. Cautious users may nonetheless want to switch the email address associated with their account to one that would not have been exposed in last month's PSN breach.
Another security vulnerability would be just the latest embarrassment for Sony, coming as company tries to recover from a series of hacker attacks that have brought down its corporate websites, exposed as many as 100 million users' information, and taken down its gaming network for more than a month.
Timing couldn't be much worse for Sony's President Howard Stringer, who just yesterday declared to reporters that "we are up and running, and we are safer than ever."
Sony has said it's still investigating the source of its data-spilling breach with the help of law enforcement, though it has controversially hinted that the the hacker collective Anonymous may have been involved, after the group launched cyberattacks on Sony last month.
No hay comentarios:
Publicar un comentario