Now that PlayStation Network is up again, a new issue has risen to the forefront: password security. According to Nyleveia, a user’s email address and birth date are all anyone needs to change the password and, ultimately, gain full access to a PSN account.
Nyleveia sources conducted an experiment with a test PSN account. Using only the email address and the birth date entered for the test PSN account, the source was able to change the password. An email was then received from Sony stating that the password had been changed. Nyleveia did not reveal their sources.
“While we originally assumed this was a poor hoax designed only to stir the community into another frenzy, the individual who we are in contact with requested just two pieces of information from us: this being an account email and the date of birth used for that account. We promptly created a new account via us.playstation.com and provided the individual with the email address and date of birth used,” Nylevia said.
Shortly after Sony received detailed reports of the issue, they took down the login page for a “small amount of maintenance.” Anyone trying to login will see a message stating that the server is currently down for maintenance.
Nyleveia reports that, at least for now, users should consider creating a new email address that is not used anywhere else and using it for their PlayStation Network account. Not doing so leaves the PSN account open to theft.
For now, Sony is not calling this a “hack” but a maintenance issue. Hopefully, they will be able to quickly fix the hole and get PlayStation Network back up again with yet another security issue fixed.