Sony has acknowledged another security hole in its PlayStation unit – and while it might not be as catastrophic as the recent security breach, it’s bound to be an embarrassment for the company – and another hurdle officials have to overcome as they work to regain consumers’ trust.
The company has blocked user logins on all PlayStation Websites after being informed of an exploit (or workaround) that could let unauthorized people take control of user accounts using the very same information that was stolen from Sony roughly four weeks ago.
Sony, in a statement on its official blog, said “In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.” That fix has yet to go live as of 5pm ET, though. Users are still unable to log in through the Web page.
The exploit, which was first exposed by Nyleveia.com, apparently allows third parties to change the password on accounts by utilizing the user’s email address and date of birth – data that was stolen from over 77 million PlayStation accounts in the initial cyber attack.
Users are still able to access their accounts – and the PlayStation Network – through their PlayStation 3 consoles. Only Website access has been blocked at this time.
Because Sony was proactive and took action as soon as it found out about the exploit (right as word was circulating online), there’s likely little to no actual damage done. But to have an incident like this so soon after the company assured users that their system was once again secure is a notable blotch on the company’s record – and certainly won’t help the company’s ongoing damage control.