Sony Corp said it plugged a new online security hole that could have allowed hackers to gain control of accounts on its PlayStation Network and Qriocity entertainment services.
The company said it temporarily took down a Web page that allows people to reset passwords for their PlayStation Network and Qriocity accounts from personal computers after it learned of the security hole, which could allow someone with an account holder's date of birth and email address to gain control of those accounts by resetting their passwords.
Birth dates and email addresses were among the personal information that Sony believes were stolen in an intrusion on its PlayStation Network last month, during which more than 100 million accounts were compromised.
In a statement, a Sony spokesman described the security hole as a "URL exploit," which could allow a hacker to trick the company's password reset page by manipulating the uniform resource locator, or address, for the Web page. After gaining control of someone's PlayStation Network account, a hacker could make purchases on the service with any funds stored in the account, but couldn't gain access to a customers' credit cards, according to Sony.
The spokesman said the password reset page for the PlayStation Network remains down, even though Sony has fixed the security hole. The company expects to reactivate the website soon.
The spokesman said the PlayStation Network itself was never interrupted by the new security hole. The flaw didn't affect customers' ability to reset their PlayStation Network passwords on their PlayStation 3 consoles, the company said.
Sony began restoring the PlayStation Network last week after an outage that lasted several weeks, during which the company sought to shore up the security for the network.
Word of the security hole was reported earlier by the game industry news site, Nyleveia.com, which said in a post Tuesday that it was notified of the hole by an unnamed individual. The site said it verified the security hole on its own, as did other game industry websites.
The company said it temporarily took down a Web page that allows people to reset passwords for their PlayStation Network and Qriocity accounts from personal computers after it learned of the security hole, which could allow someone with an account holder's date of birth and email address to gain control of those accounts by resetting their passwords.
Birth dates and email addresses were among the personal information that Sony believes were stolen in an intrusion on its PlayStation Network last month, during which more than 100 million accounts were compromised.
In a statement, a Sony spokesman described the security hole as a "URL exploit," which could allow a hacker to trick the company's password reset page by manipulating the uniform resource locator, or address, for the Web page. After gaining control of someone's PlayStation Network account, a hacker could make purchases on the service with any funds stored in the account, but couldn't gain access to a customers' credit cards, according to Sony.
The spokesman said the password reset page for the PlayStation Network remains down, even though Sony has fixed the security hole. The company expects to reactivate the website soon.
The spokesman said the PlayStation Network itself was never interrupted by the new security hole. The flaw didn't affect customers' ability to reset their PlayStation Network passwords on their PlayStation 3 consoles, the company said.
Sony began restoring the PlayStation Network last week after an outage that lasted several weeks, during which the company sought to shore up the security for the network.
Word of the security hole was reported earlier by the game industry news site, Nyleveia.com, which said in a post Tuesday that it was notified of the hole by an unnamed individual. The site said it verified the security hole on its own, as did other game industry websites.