Just days after Sony brought the PlayStation Network back online, a new exploit has appeared that allows someone to reset your password and gain access to your account. While not *technically* a "hack" (see Sony's response below), there's not much difference between being "hacked" and "exploited" for the average person...
What We Know: As part of the new security measures put in place by Sony after the PSN outage last month, Sony implemented a mandatory PlayStation Network password reset, as well as a firmware update for all PS3 owners. Apparently hackers have found a way to reset your password if they know your email address and date of birth. Both pieces of information were taken in the original attack, making them publicly available to the right people.
A few gaming websites including Eurogamer and Nyleveia. Sony has since disabled the password reset system as it investigates.
Sony's Sr. Director of Corporate Communications & Social Media, Patrick Seybold, had this to say in a recent update via Sony's official blog:
"We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed.
Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."
What to do now? If you haven't already reset your password, you'll have to wait for Sony to bring the password reset system, with its fix, back online. Once it's back online, we would suggest changing the email address associated with your PSN account. After doing that, the new hack should no longer work.