By now it isn’t really a surprise, but Sony and PSN had another “setback” today when it was revealed that there was an exploit in the Password Reset on the PSN website.
Long story short, the details to reset your password via the website were pretty basic and. I can understand there being a dilemma: how exactly do you verify someone is who they say they are without using the data you already have? However, at least using the console would be a much more solid and secure means than the website. I fully expected that, at least for now, the only way to update data such as passwords would be using the console-only password changer. What surprised me wasn’t that there was an exploit, but that it was possible to use a web form. Of course there would be people who genuinely need to reset their password, but again this should be through the console.
If you are worried about being a victim of this, check your email. You should have received an email if your password has been reset, although having taken precautions myself I’m not 100% sure of the process and what you can do then.
Also I just want to say this… if you’ve had an account hacked don’t sit on it. Immediately (well ASAP) change your password, change your email (if possible) and change your security questions. For pity’s sake, don’t sit there with leaked data… get it changed ASAP! You should also do this process via your PS3 itself, not the web. I promptly updated my details to rather fake ones, set up a new email account and password within about an hour of PSN coming back… and it shouldn’t be too late for others to do the same.
Yes, Sony have shown themselves to be a proud member of the clown brigade (along with my former City Council, BT and Scottish Power) but that doesn’t mean that you need to join them at the moron convention through your own negligence. kkthxbye.