• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

Sony had an exploit on their PSN password recovery page and is now fixed

Status
Not open for further replies.
T

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
larvi said:
The DoB doesn't require a year, only month/day?
Click to expand...

No, it does. But it wouldn't be hard to speculate age. Some people put their birthyears in their PSN id FFS.

"ThisisaUserName99" could tell you two things: 1) They're born in September on the 9th. Or they were born in 1999.

Some people go further and use "ThisisaUserName1899." (AKA: Jan. 8th 1999)

I'm not too sure how common it is anymore for birthyear/birthdate or whatever being part of the username given some popular names (like "Razor") have a random number for the popularity but it was common in the early internet.
 
Synless

Synless

Member
No joke, my alternate PSN account I use occasionally has been compromised. I need to contact Sony now to get it back.
 
Zoe

Zoe

Member
Smision said:
can't change it online yet, wtf?!

i don't even own this stupid system anymore, I'd like to delete my credit card now please.
Click to expand...

Is that even possible through the web interface? You might want to just call support and get it over with.
 
T

TheSeks

Blinded by the luminous glory that is David Bowie's physical manifestation.
Zoe said:
Is that even possible through the web interface? You might want to just call support and get it over with.
Click to expand...


Should be. But probably not.

Honestly, they need to put that and a DRM management utility online. There is no fucking reason I can't deactivate certain PS3's remotely through a web interface.

Because I can't deactivate my PS3 that YLoD, I now have to beg and plead Sony when I get the $150 and send it to them to fix the YLoD, transfer my shit to a new PS3 while that PS3 is still alive and deactivate the broken PS3 because it wastes a slot on my 5 DRM scheme. STUPID.
 
V

vg260

Member
Can someone recap?

If we changed our password the morning PSN went back up, and haven't received any other PSN emails, we're ok right?

Also, was in PSN-only stuff that got stolen in the initial hack or did all playstation web site passwords get stolen too? (like message boards)
 
3

3rdman

Member
enzo_gt said:
PSN is such a joke because of all of this. I hope they never live this down. If I was still an invested PS3 owner I would probably reconsider sticking with the brand in the future after this has gone so far. At the mercy of a bunch of hackers.

Gonna take more than free shit for a few months to get them out of this. This is permanent damage.
Click to expand...
I've never liked PSN but I was always hoping that somehow they'd put together a competent service to rival Live in the hope that MS would begin to feel the sting of competition and allow online gaming for free.

I think with the embarrassment Sony has gone through, any thought of that happening are gone (at least for the foreseeable future). MS even has ammo in their defense with "security concerns" to help justify Live's pricing...Sony, in this respect, is kinda fucked. They probably want to go to a pay system (PSN++++) but without the reputation of a secure system, it's gonna be awhile before they go that route.
 
T

test_account

XP-39C²
aaaaaa said:
what the hell does this mean
Click to expand...
I guess that in some way you can define this URL exploit as an hack, but he (Patric Seybold) is probably just meaning to say that there was no hack in the sense that someone broke into their servers (like what happened with the PSN hack).


2&2 said:
If we changed our password the morning PSN went back up, and haven't received any other PSN emails, we're ok right?
Click to expand...
Yeah, i'm pretty sure that we're ok. This URL exploit shouldnt work any longer, so if you havnt received any unsuspected password change email, then no one should have changed your PSN password =)
 
H

HaRyu

Unconfirmed Member
2&2 said:
Can someone recap?

If we changed our password the morning PSN went back up, and haven't received any other PSN emails, we're ok right?

Also, was in PSN-only stuff that got stolen in the initial hack or did all playstation web site passwords get stolen too? (like message boards)
Click to expand...

Logging in to any of the Sony websites was based off the PSN id, so everything had one id.
 
T

test_account

XP-39C²
3rdman said:
I've never liked PSN but I was always hoping that somehow they'd put together a competent service to rival Live in the hope that MS would begin to feel the sting of competition and allow online gaming for free.

I think with the embarrassment Sony has gone through, any thought of that happening are gone (at least for the foreseeable future). MS even has ammo in their defense with "security concerns" to help justify Live's pricing...Sony, in this respect, is kinda fucked. They probably want to go to a pay system (PSN++++) but without the reputation of a secure system, it's gonna be awhile before they go that route.
Click to expand...
I think that online play on PSN will cost money when PS4 comes out. Maybe it will still be free on PS3 at that time, but not on PS4. That is my guess at least.
 
Boss Man

Boss Man

Member
Uh, that's pretty clearly a hack isn't it? I guess they're just trying to indicate that the network itself wasn't attacked.
 
L

LeCapitan

Neo Member
VALIS said:
My job has me listening to a lot of the conferences from Google I/O last week, and more than a few speakers have referred to potential web security fuck ups as "a Sony event." ie., "to make sure your company doesn't have a Sony event..." Oof. Sony's name is a bit in the mud right now.
Click to expand...

I have a feeling this is going to get much bigger.

(also, e.g.* not i.e., sorry had to do it)
 
P

Phantom Limbs

Banned
Alright guys, bought the 360 version of LA Noire. Sold then stole back the PS3 and put it in the washing machine.
What next?
Sell other Sony products steal them back and put them in the washing machine?
 
P

pantyhelmet

Banned
Phantom Limbs said:
Alright guys, bought the 360 version. Sold then stole back the PS3 and put it in the dishwasher.
What next?
Sell other Sony products steal them back and put them in the dishwasher?
Click to expand...
confirmed.
 
H

HaRyu

Unconfirmed Member
Phantom Limbs said:
Alright guys, bought the 360 version of LA Noire. Sold then stole back the PS3 and put it in the washing machine.
What next?
Sell other Sony products steal them back and put them in the washing machine?
Click to expand...

Say things to it to make it feel special, then date its sister, that way it'll fall into despair, which will make it want to eat to forget, before finally taking its life in a grand despair of anarchy and violence as it tries to hang itself in some cheap hotel in the middle of nowhere.
 
L

LeCapitan

Neo Member
StateofMind said:
Uh, that's pretty clearly a hack isn't it? I guess they're just trying to indicate that the network itself wasn't attacked.
Click to expand...

Since they used existing services in a devious way, rather than actively breaking services, it's considered an exploit.
 
S

Seraphinianus

Banned
3rdman said:
I've never liked PSN but I was always hoping that somehow they'd put together a competent service to rival Live in the hope that MS would begin to feel the sting of competition and allow online gaming for free.

I think with the embarrassment Sony has gone through, any thought of that happening are gone (at least for the foreseeable future). MS even has ammo in their defense with "security concerns" to help justify Live's pricing...Sony, in this respect, is kinda fucked. They probably want to go to a pay system (PSN++++) but without the reputation of a secure system, it's gonna be awhile before they go that route.
Click to expand...



you would think companies would learn, but, uh, look at the news for the latest 360 XBL update. There's always something new killing the 360 haha
 
A

Averon

Member
Smision said:
you would think companies would learn, but, uh, look at the news for the latest 360 XBL update. There's always something new killing the 360 haha
Click to expand...

It's going to be worse next gen, I bet. Gaming consoles and the networks they're running on are only going to get more complex and expand in size.
 
V

verbum

Member
Smision said:
you would think companies would learn, but, uh, look at the news for the latest 360 XBL update. There's always something new killing the 360 haha
Click to expand...

I think that is due to a security issue trying to determine if the dvd drive firmware is hacked. If it breaks your console, they are sending you a new slim 360 and a year of Live for free. Expected to be a small number of consoles.
 
M

msdstc

Incredibly Naive
Ughh sony continuing to make one mistake after the other. I haven't been affected, but it sucks that this still hasn't been cleared up.

Question, I don't have the email required to reset my password for my alternate account(s), it's not a huge deal, I mostly use them for online games, but was wondering if their is anyway to get the password changed without the email?
 
H

HaRyu

Unconfirmed Member
msdstc said:
Ughh sony continuing to make one mistake after the other. I haven't been affected, but it sucks that this still hasn't been cleared up.

Question, I don't have the email required to reset my password for my alternate account(s), it's not a huge deal, I mostly use them for online games, but was wondering if their is anyway to get the password changed without the email?
Click to expand...

Do you remember anything about the alt account? Like the birthday used, or even the street address used? Phone call to Sony should work then.
 
D

Dr. Feel Good

Banned
I know my account is compromised or something, I got an email from Sony saying my password had changed. It's connected to my parents PS3 (they bought one for a Blu-Ray player way back in 2007) and they don't even know how to turn it on and I haven't used the thing in years. I mean I certainly don't use the account, should I be concerned?
 
3

3rdman

Member
My job has me listening to a lot of the conferences from Google I/O last week, and more than a few speakers have referred to potential web security fuck ups as "a Sony event." ie., "to make sure your company doesn't have a Sony event..." Oof. Sony's name is a bit in the mud right now.
Click to expand...
Ha!
 
H

HaRyu

Unconfirmed Member
Dr. Feel Good said:
I know my account is compromised or something, I got an email from Sony saying my password had changed. It's connected to my parents PS3 (they bought one for a Blu-Ray player way back in 2007) and they don't even know how to turn it on and I haven't used the thing in years. I mean I certainly don't use the account, should I be concerned?
Click to expand...

Is there even a CC card attached to it?
 
C

Curufinwe

Member
TheSeks said:
No, it does. But it wouldn't be hard to speculate age. Some people put their birthyears in their PSN id FFS.

"ThisisaUserName99" could tell you two things: 1) They're born in September on the 9th. Or they were born in 1999.

Some people go further and use "ThisisaUserName1899." (AKA: Jan. 8th 1999)

I'm not too sure how common it is anymore for birthyear/birthdate or whatever being part of the username given some popular names (like "Razor") have a random number for the popularity but it was common in the early internet.
Click to expand...

My PSN name has a number on the end, but it's not my birthday. My 360 gamer tag used to end in a number, until I paid $10 to change it to match my GAF user name.
 
H

HaRyu

Unconfirmed Member
Dr. Feel Good said:
I bought Flower... so yeah, I would assume so.
Click to expand...

Then yes, you should, but you shouldn't panic TOO much, its not like they can figure out the CC number from just that, and go on a spending spree, worst case scenario, they'll buy crap off of PSN on your account. You have a window of opportunity where they really can't do jack to you unless the PSN store is up

Go see if you can password reset again as soon as it comes up. Change the email too if you want.
 
N

nemesun

Member
What the hell is going on? just checked my email and this was in my mailbox:
rvwynd.jpg

I changed my password when the psn went back up but didn't get a notification email back then, is it possible this email is related to that? my cc info is on my psn...
 
M

msdstc

Incredibly Naive
Zombie James said:
It was fixed over an hour ago.
Click to expand...

I'm not saying this particular case, I mean this whole security situation. I don't see this as a big deal, but the public perception is that sonys security is an absolute disaster. They come off of the massive breach, just to have another minor hole they completely missed again.
 
A

androvsky

Member
nemesun said:
What the hell is going on? just checked my email and this was in my mailbox:

I changed my password when the psn went back up but didn't get a notification email back then, is it possible this email is related to that? my cc info is on my psn...
Click to expand...

Their emails have been very slow due to the volume, if you changed your password once and received one notification email, you should be okay.
 
Status
Not open for further replies.

Similar threads

Free $5.99 PSN Credit Thread Of Why Not?! (Official Sony Promotion/NA region only)
11 12 13 14 15
724
64K
Special J replied
  • Locked
PSN Hack Update: FAQs in OP, Read before posting
188 189 190 191 192
10K
552K
Mr_Elysia replied
Valve's fake, rigged, waste of time Progress Quest troll Portal 2 ARG
213 214 215 216 217
11K
566K
JaseC replied
Top Bottom