Not so fast: Sony's PlayStation Network hacked again [Updated]

[security curmudgeon <jericho () attrition org>]

http://thenextweb.com/industry/2011/05/18/not-so-fast-sonys-playstation-network-hacked-again/

Not so fast: Sony's PlayStation Network hacked again [Updated]
Wednesday May 18, 2011
Matthew Panzarino

Less than 2 days after Sony started bringing its PlayStation Network back 
online reports are coming in that the besieged gaming giant.s platform has 
been hacked yet again. MCV is reporting that the exploit allows for 
hackers to change users passwords using only a PSN account email and date 
of birth, two pieces of user information that were obtained in the 
original hack. Update below.

MCV says that the hack, which is really an exploit of Sony.s password 
reset system, was first reported by Nyleveia.com and then corroborated by 
Eurogamer. Now the PSN login option is unavailable on a number of Sony.s 
sites. Sony's login site that is used to reset passwords using the email 
and date of birth is now down.

According to Nyleveia the exploit was demonstrated to it personally by 
someone who knew the method.

[..]
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Learn encryption strategies that manage risk and shore up compliance.
Download Article 1 of CREDANT Technologies' The Essentials Series:
Endpoint Data Encryption That Actually Works
http://credant.com/campaigns/realtime2/gap-LP1/