* Sony discovers ‘security hole’ on password resets
* Latest setback in PlayStation Network restoration plans
* Sony’s networks still not secure - expert
* No hacking occurred in this case - Sony
By Liana B. Baker and Jim Finkle
The site had been designed to help 77 million users of its PlayStation Network reset their passwords after finding the security weakness.
The issue, which Sony alerted customers to on its PlayStation website, marks yet another setback for the company, which has been under fire since hackers broke into its systems about a month ago.
Sony spokesman Dan Race said the company found the security hole on a webpage that could potentially allow the hackers who had breached personal data from users in April to access their accounts using the data they had stolen.
“If I had your email and your birth date I could have potentially got access to your account,” Race said.
In response, Sony on Wednesday temporarily took down the PlayStation Network password reset page, as well as that of its Qriocity music service. It has since fixed the issue and will bring the pages back up shortly, Race added.
Sony last month disclosed that it had been a victim in one of the biggest cyber-attacks in history.
It shut down its PlayStation Network across the globe in mid-April and has slowly started to restore access, starting in the United States. The company is still working with Japanese government authorities to restore access in that country.
Analysts said the company faces a tough road ahead in addressing the security issues brought to light by the scandal.
“This is one of the things that was probably overlooked and forgotten by Sony,” said Maxim Group analyst Mark Harding.
John Bumgarner, a well-regarded Internet security researcher and U.S. military special operations veteran, last week told Reuters he had identified a handful of flaws that would be easy for a hacker to identify and potentially exploit.
He said on Wednesday that he wasn’t surprised by Sony’s latest gaffe because security flaws remain across the company’s vast computer networks.
“The Sony network in general still isn’t secure and still has security issues that could be exploited by hackers,” said Bumgarner, who is chief technology officer for the U.S. Cyber Consequences Unit, a nonprofit group that monitors Web threats.
Sony said no hacking had taken place on this website and that PlayStation Network account holders can still change their passwords on their PlayStation consoles at home.
On Tuesday, Chief Executive Howard Stringer fired back at critics for saying Sony had not acted quickly enough to inform consumers about April’s data breach.
The notice to users about the website shutdown can be found here: bit.ly/JkCma
Reporting by Liana B. Baker; Editing by Richard Chang