UPDATED: PlayStation password reset vulnerability exposed
Reports indicate hackers could exploit a flaw on a PlayStation website to change users' passwords.


Sony could have more embarrassment on its hands following reports the PlayStation Network (PSN) password reset page contains a flaw.
The Japanese firm has taken down sign-in on most of its websites, including PlayStation.com, as reports claimed hackers could exploit the vulnerability to change users' passwords.
Hackers would need the user's PSN account email and date of birth to make the changes, according to Eurogamer, which said it saw video evidence the vulnerability was genuine.
Email addresses and date of birth details were amongst the data stolen in last month's attacks on Sony.
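As an added illustration of the design weakness described above (not code from the original article, and not Sony's implementation), the following Python contrasts a knowledge-based reset that accepts email plus date of birth with a token-based reset that sends a random, single-use, time-limited token to the mailbox. The account records, the "breached" records and the `TokenResetService` class are all constructed for this demo.

```python
"""Password reset flows: knowledge-based (email + date of birth) versus
token-based (random single-use token). Illustrative example only; the
accounts and breached data below are constructed, not real."""
import hashlib
import hmac
import secrets
import time

# Constructed sample account (hypothetical user, not real data).
ACCOUNTS = {
    "alice@example.com": {"dob": "1990-01-01", "password": "hunter2"},
}

# Constructed stand-in for the kind of data the article says was stolen:
# email addresses and dates of birth.
BREACHED_RECORDS = {"alice@example.com": {"dob": "1990-01-01"}}


def kba_reset(accounts, email, dob, new_password):
    """Knowledge-based reset: the only check is that the supplied date of
    birth matches the account. Returns True when the password was changed.
    Anyone holding a breached email/DOB pair passes this check."""
    acct = accounts.get(email)
    if acct is None or not hmac.compare_digest(acct["dob"], dob):
        return False
    acct["password"] = new_password
    return True


class TokenResetService:
    """Token-based reset: a fresh random token per request, only its hash is
    stored server-side, and it expires after `ttl` seconds. The clock is
    injectable so expiry can be exercised without sleeping."""

    def __init__(self, accounts, ttl=900, clock=time.time):
        self.accounts = accounts
        self.ttl = ttl
        self.clock = clock
        self._pending = {}  # sha256(token) -> (email, expiry timestamp)

    def request_reset(self, email):
        """Returns the raw token that would be delivered to the mailbox, or
        None for unknown accounts (a real endpoint should answer identically
        in both cases so account existence is not leaked)."""
        if email not in self.accounts:
            return None
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (email, self.clock() + self.ttl)
        return token

    def complete_reset(self, token, new_password):
        """Consumes the token; fails if unknown, already used, or expired."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop => single use
        if entry is None:
            return False
        email, expires_at = entry
        if self.clock() > expires_at:
            return False
        self.accounts[email]["password"] = new_password
        return True


def demo():
    """Runs both flows against the constructed data and reports what each
    check returned, so the difference between the designs is visible."""
    accounts = {k: dict(v) for k, v in ACCOUNTS.items()}

    # Breached email + DOB is enough to pass the knowledge-based flow.
    kba_hijacked = kba_reset(
        accounts, "alice@example.com",
        BREACHED_RECORDS["alice@example.com"]["dob"], "changed-by-stranger")

    # The same data is useless against the token flow: only the mailbox
    # owner ever sees the token, and it is single-use and time-limited.
    fake_now = [1_000_000.0]
    svc = TokenResetService(accounts, ttl=900, clock=lambda: fake_now[0])
    token = svc.request_reset("alice@example.com")
    guessed = svc.complete_reset("1990-01-01", "x")   # DOB is not a token
    legit = svc.complete_reset(token, "new-pw")        # mailbox owner
    replay = svc.complete_reset(token, "again")        # second use refused
    token2 = svc.request_reset("alice@example.com")
    fake_now[0] += 901                                 # past the 15-minute TTL
    expired = svc.complete_reset(token2, "late")
    return {
        "kba_hijacked": kba_hijacked, "guessed": guessed, "legit": legit,
        "replay": replay, "expired": expired,
        "final_password": accounts["alice@example.com"]["password"],
    }


if __name__ == "__main__":
    print(demo())
```

The point of the contrast is that a reset flow is only as strong as the secret it checks: a date of birth is static and, once exposed in a breach, is no longer a secret, whereas a per-request random token is never derivable from previously stolen records and stops working after one use or a short window.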
The site that password reset emails were redirecting PlayStation customers to is also down.
"Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," Sony said.
"This is due to essential maintenance and at present it is unclear how long this will take... In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
Nyleveia.com was first to report on the flaw, saying it had given Sony Computer Entertainment Europe (SCEE) a detailed description of the vulnerability.
Users were advised to change their account email to avoid being affected by any possible hack.
'Hack was a hiccup'
The reports will not go down well at Sony, which started to restore PSN services over the weekend.
Sony chief executive Howard Stringer this week labelled the hack attacks on the PSN a "hiccup."
Speaking publicly for the first time since the breaches, which saw data of over 100 million users stolen, Stringer said no one had a 100 per cent secure system.
"This is a hiccup in the road to a network future," he said.
Stringer defended Sony's response to the hacks, saying the time it took to inform customers was acceptable and only 43 per cent of firms notify users within a month.
"We reported in a week. You are telling me my week wasn't fast enough?" he said.
"This was an unprecedented situation."
The Sony chief posted an open letter online apologising for the data breaches following the hacks, addressing critics who suggested the Japanese manufacturer took too long to tell its customers.
PlayStation users were able to get back on the network this week as Sony restored services. However, in Japan, regulators are still looking for more information on the added security Sony promised before allowing PSN to be restored in the country.
Service restoration hit a snag earlier this week as users complained about not receiving their password reset emails.
Due to the sheer number of people attempting to get new passwords, emails were not going through to customers immediately.
UPDATE: A Sony spokesperson has told IT PRO the company was aware of the issue and is investigating.
"The PSN is still up and functioning, and consumers can still reset their passwords through PSN, but we have temporarily taken down the external password authentication sites whilst we investigate," the spokesperson said.
"Our people are working on this as we speak and we hope to restore this functionality as soon as possible."
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.