New PSN woes... Your password can be hacked
Just as Sony was gradually restoring services, part of the PlayStation Network has been taken down again. This is because the password reset system can be compromised.
Sign-in is now unavailable on a majority of SCE's websites, including PlayStation.com and the PlayStation forums.
According to Eurogamer, the password reset system, which users have been asked to utilise due to the recent theft of user data, features an exploit that potentially allows hackers to change users' password using only their PSN account emails and dates of birth - exactly the information stolen originally.
If not fixed, this would allow attackers to steal accounts completely, including the ability to spend users' money on PlayStation Store items.
Sony is keen to stress, though, that this exploit only exists on the computer reset mechanism: "Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being," it said. "This is due to essential maintenance and at present it is unclear how long this will take.
"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
The company also tweeted, "Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."
It is currently unknown whether the exploit is fixable or when the sign-in to services will return.