While trying to get its customers up and gaming again after its massive data breach, the Sony Playstation Network suffered another hack, even though the company doesn't call it a hack. The Playstation Network blog reported on Wednesday:
"We temporarily took down the PSN and Qriocity password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed. Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."
The timing of this latest security problem couldn't be worse. The Sydney Morning Herald reported:
"Sony chief Howard Stringer has warned he can no longer guarantee the security of the electronics giant's gaming network in the "bad new world" of cybercrime..."
What? Bad new world of cybercrime? Data breaches are not new. Stringer's comments are disappointing, at best. If I were a Playstation Network customer, I'd cancel and close my account.
Earlier this month, Sony suffered two data breaches at its Playstation Network and at its Online Entertainment units. In testimony before the U.S. Congress, a security expert stated that Sony allegedly used obsolete data security software.
A former hacker and lead architect at MyKonos Software, Kyle Adams, said that the hackers may have accessed Sony's servers via its blog, which was running an obsolete version of the WordPress blogging software. Adams also suggested that the hack attack probably was not random and was persistent.