Sony’s weighed in on the question of whether its PlayStation Network online login was “hacked” yesterday.
Its verdict: not a hack, just an “exploit.”
“We temporarily took down the PSN and Qriocity password reset page,” said Sony spokesperson Patrick Seybold on the PlayStation blog, adding “Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.”
Exploited: Sony’s PSN browser-based login and password reset page. Nyleveia noticed the “exploit” yesterday, writing “A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth.” It all sounded rather grim, especially when you consider what hackers allegedly made off with in the original mid-April PSN hack: a list of PSN account emails and birth dates.
Thankfully Sony took the page offline almost immediately (Nyleveia’s taking credit for prompting Sony’s actions, though Sony’s not saying who tipped it off at this point, or whether it was tipped at all). As far as we know, no one’s accounts were unintentionally compromised.
Exploit? Hack? What’s the difference? Depends who you talk to, but in dictionary parlance, the distinction’s academic. In public relations parlance, “hack” sounds worse, ergo “exploit.”
As for the PSN, it’s up and has been since Saturday. The exploit only affects your ability to login through the official PSN website.
“Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3,” says Seybold. “Otherwise, they can continue to do so via the website as soon as we bring that site back up.”