[WASC-WHID] WHID 2011-112: Hackers breach Sony's password reset system

WASC Web Hacking Incidents Database wasc-whid at lists.webappsec.org
Thu May 19 09:42:48 EDT 2011


Entry Title: WHID 2011-112: Hackers breach Sony's password reset system
WHID ID: 2011-112
Date Occurred: May 19, 2011
Attack Method: Stolen Credentials
Application Weakness: Insufficient Password Recovery
Outcome: Account Takeover
Attacked Entity Field: Entertainment
Attacked Entity Geography: Japan
Incident Description: Sony's PlayStation Network is under fire again, with a
new security breach hitting the beleaguered company.
Just days after the network was resurrected following a massive data breach,
there is mounting evidence that hackers have circumvented protections put in
place via a password reset page.
According to the Nyleveia gaming website, hackers have discovered an exploit
that allows them to change user passwords using only a PlayStation Network
account email and date of birth - information which could have been
harvested during the recent attack.
Mass Attack: No
Reference:
http://www.pcauthority.com.au/News/257912,hackers-breach-sonys-password-reset-system.aspx
Attack Source Geography:

