hi-playstation-rtr2lnw6-default

Sony says customers who haven't yet changed their passwords should do so directly on their PlayStation 3 console or wait for the password change website to come back up. ((Reuters))

A potential security issue prompted Sony to take down the password reset web page for its PlayStation Network and Qriocity sites Wednesday, just four days after it began restoring service to its hacked gaming service.

Concerned users can — and are encouraged to — reset their passwords on their own Playstation 3 gaming consoles. They just can't do so via a central web page.

"Contrary to some reports, there was no hack involved" in this latest development, said a posting by Patrick Seybold, senior director of corporate communications for Sony Computer Entertainment, on the PlayStation Network blog.

"In the process of resetting of passwords there was a URL exploit that we have subsequently fixed."

Sony began restoring the websites for the PlayStation Network and Qriocity entertainment services on May 14, after an outage of more than three weeks. The outage was the result of a massive security breach caused by a cyberattack.

Among the data believed stolen in the attack were usernames, passwords, email addresses and birthdates of more than 100 million users of:

  • The Sony PlayStation Network, which allows users to play online games, surf the web, chat with friends and download games and other content from the PlayStation store using their PlayStation 3 consoles.
  • The Qriocity entertainment service, which streams movies on demand to compatible Sony devices such as HDTVs and Blu-ray players.
  • Sony Online Entertainment, which offers multi-player online games such as Everquest 2 and Free Realms that can be played via PC, PlayStation 3 and Facebook.

Sony has encouraged all users to change their passwords.

Seybold said customers who haven't yet changed their passwords can do so directly on their PlayStation 3 console or wait for the password change website to come back up.

Timeline

  • April 16-17: Hackers break into Sony Online Entertainment.
  • April 17-19: Hackers break into Sony PlayStation Network and Qriocity.
  • April 19: Sony detects an "external intrusion" on its PlayStation Network.
  • April 20: Sony shuts down the PlayStation Network and Qriocity.
  • April 22: Sony says the networks are affected by "an external intrusion" and that it is investigating.
  • April 26: Sony announces that it believes "an unauthorized person" has obtained personal data of PlayStation Network and Qriocity users.
  • May 1: Sony Computer Entertainment executives apologize for the breach at a press conference in Tokyo.
  • May 2: Sony says Sony Online Entertainment was also affected by a malicious intrusion.
  • May 4: Sony provides details of its investigation to a U.S. Congressional subcommittee.
  • May 5: Sony CEO Howard Stringer apologizes and offers free identity theft insurance coverage to U.S. customers.
  • May 14: Sony starts restoring PlayStation Network services.