[WASC-WHID] WHID 2011-112: Hackers breach Sony's password reset system
WASC Web Hacking Incidents Database
wasc-whid at lists.webappsec.org
Thu May 19 09:42:48 EDT 2011
Entry Title: WHID 2011-112: Hackers breach Sony's password reset system
WHID ID: 2011-112
Date Occurred: May 19, 2011
Attack Method: Stolen Credentials
Application Weakness: Insufficient Password Recovery
Outcome: Account Takeover
Attacked Entity Field: Entertainment
Attacked Entity Geography: Japan
Incident Description: Sony's PlayStation Network is under fire again, with a
new security breach hitting the beleaguered company.
Just days after the network was resurrected following a massive data breach,
there is mounting evidence that hackers have circumvented protections put in
place via a password reset page.
According to the Nyleveia gaming website, hackers have discovered an exploit
that allows them to change user passwords using only a PlayStation Network
account email and date of birth - information which could have been
harvested during the recent attack.
Mass Attack: No
Attack Source Geography: