Password Recovery Bug Puts PSN Users at Risk

This past weekend, Sony finally reached its goal of bringing PSN back online. Along with a service restart, Sony also rolled out a mandatory update to all users, which required that they change their password before logging in. However, it seems things still aren’t secure, despite this forced password change, as users’ accounts may still be at risk.

A post on the game blog Nyleveia claims that all accounts remain unsafe because of a hack that allows a third party to change your password using only your email address and date of birth. Nyleveia claims that its source demonstrated the exploit: they received a ‘password successfully changed’ email from Sony and could no longer use their own password to sign in.

Nyleveia contacted Sony, providing a detailed account of the exploit and, shortly after, Sony shut down web-based PSN login and password recovery. Right now, users attempting to sign in via PlayStation.com are seeing the following notice:



Considering email addresses and DOBs were among the data stolen during last month's attack, it's plausible that the people responsible for that breach could take over your account. Sony has yet to comment on the validity of the exploit, but Nyleveia suggests making a brand new email address just for your PSN account. We'll update if Sony comments on the situation.
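To make the design flaw concrete, here is an added sketch (not Sony's code and not from the Nyleveia post) that puts a reset authorised by email address and date of birth beside one authorised by a single-use token sent to the account's mailbox. The store layout, function names, token lifetime and sample account are all assumptions made up for the illustration.

```python
import hashlib, hmac, secrets, time

TOKEN_TTL = 15 * 60  # seconds; assumed lifetime for this sketch

def new_store():
    # Constructed account record, not real data.
    return {"accounts": {"player@example.com": {"dob": "1990-04-12", "pw": None}},
            "pending": {}}  # sha256(token) -> (email, expiry)

def set_password(acct, new_pw):
    salt = secrets.token_bytes(16)
    acct["pw"] = (salt, hashlib.pbkdf2_hmac("sha256", new_pw.encode(), salt, 600_000))

def weak_reset(store, email, dob, new_pw):
    """Pattern the article describes: email + date of birth alone authorise the change."""
    acct = store["accounts"].get(email)
    if acct is None or not hmac.compare_digest(acct["dob"].encode(), dob.encode()):
        return False
    set_password(acct, new_pw)
    return True

def request_reset(store, email, now=None):
    """Create a single-use token; a real service mails it, never shows it to the requester."""
    if email not in store["accounts"]:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).hexdigest()
    store["pending"][digest] = (email, now + TOKEN_TTL)  # only the hash is stored
    return token

def token_reset(store, token, new_pw, now=None):
    """Hardened form: only proof of mailbox access (the token) authorises the change."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = store["pending"].pop(digest, None)  # pop makes the token single-use
    if entry is None or now > entry[1]:
        return False
    set_password(store["accounts"][entry[0]], new_pw)
    return True

if __name__ == "__main__":
    leaked = {"email": "player@example.com", "dob": "1990-04-12"}  # constructed breach row
    s = new_store()
    print("email + DOB reset accepted:", weak_reset(s, leaked["email"], leaked["dob"], "x"))
    request_reset(s, leaked["email"])  # token goes to the owner's mailbox only
    print("token reset with a guessed token accepted:", token_reset(s, "guess", "x"))
```

The token flow moves the whole trust decision to the mailbox, which is why an email address used only for the account, as Nyleveia suggests, limits the exposure.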

Read more about the exploit here.

Jane McEntegart works in marketing communications at Intel and was previously Manager of Content Marketing at ASUS North America. Before that, she worked for more than seven years at Tom's Guide and Tom's Hardware, holding such roles as Contributing Editor and Senior News Editor and writing about everything from smartphones to tablets and games consoles.

  • JOSHSKORN
    Oops! Probably should've come up with a different password recovery method, considering users' data was stolen.
  • Tmanishere
    This is the song that never ends,
    It just goes on and on, my friends.
  • maestintaolius
    Hmm... whoops.
  • zak_mckraken
    Looks like more free games are on the way... Well, not for me of course since I don't own a PS3.
  • Trialsking
    zak_mckraken: "Looks like more free games are on the way... Well, not for me of course since I don't own a PS3."
    Yeah me neither. I am glad to be an "elitist" PC gamer. But I do have sympathy for those affected.
  • dfusco
    I just took my PS3 out to the driveway and battered it into wretched debris with a hammer.
  • someguynamedmatt
    Trialsking: "Yeah me neither. I am glad to be an "elitist" PC gamer. But I do have sympathy for those affected."
    Same here, although I don't feel any sympathy whatsoever. That was ripped out of me when I was told by a bunch of PS3 owners that PCs weren't meant for gaming, that my system was crap, and that there's no difference whatsoever between it and a PS3. Actually, the PS3 is apparently better at gaming than a gaming PC.
    Nope. No sympathy to be found here. Ignorance is bliss, I guess, when you don't understand that someone's GPU alone has more power than your entire console, nor what the word "resolution" means, nor anything else that has anything to do with graphical quality whatsoever. I don't mind that people like their consoles - that's just fine with me. But when they go out of their way to bash on PC 'elitists', that's when they need to be put in pain.
    /rant on why I hate most console gamers
  • ahahahahahahaaa
  • kinggraves
    If PSN had only been down a day I could've said "they just rushed it and forgot to double check", but after being down for weeks....really? I mean, Sony...REALLY? Not ONE person there said "Hey, maybe using the stolen personal data to recover passwords, not a good idea?" in that ENTIRE TIME?

    This is the problem with corporations nowadays, CEOs write their own checks and answer to no one. If I was a shareholder I'd demand the resignation of anyone who hasn't been on vacation for the past month. Taco Bell managers have more common sense than the people who are running Sony. Considering how dependent they are on brand recognition, this kind of sloppy bandaging is going to do unimaginable damage to their profits.
  • zkevwlu
    Well after this incident I don't think the Japanese will let Sony turn PSN back on ever again.