Sony has confirmed that there is an issue with the web site password reset system for its Playstation Network that would allow hackers to change a PSN user's password. Eurogamer.net reports that as a result of the exploit, Sony has decided to make "PSN sign-in unavailable for a number of its websites, including PlayStation.com and the PlayStation forums. All PlayStation game titles are also unavailable."
The exploit, which was first revealed at the Nyleveia.com web site and confirmed by others, does not affect people who just want to use their Playstation 3 or PSP consoles to sign onto the Playstation Network. According to the story, the exploit is web-based only. However, it would still allow hackers to change a PSN user's password "using only your PSN account email and your date of birth". In its official statement, Sony says, "Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being. This is due to essential maintenance and at present it is unclear how long this will take."
This is just the latest issue in Sony's attempt to restore all services for the Playstation Network after a cyber attack forced Sony to shut down the Network on April 20. Sony began to restore the network on Saturday night and Sunday, including multiplayer matchmaking and other features. However the full Playstation Network, including restoring the online Playstation Store, is not scheduled to be back online until the end of May.
Update: In a post on the Playstation Blog site, Sony has confirmed that the web site password exploit has now been fixed, saying, "Consumers who haven’t reset their passwords for PSN are still encouraged to do so directly on their PS3. Otherwise, they can continue to do so via the website as soon as we bring that site back up."