According to a report by Nyleveia, an exploit could allow a third party to change your PSN password using only the registered e-mail address and date of birth. The report has been substantiated by Eurogamer, who claims to have seen video evidence of the exploit in action.
This exploit is especially dangerous as the required information, e-mail and date of birth, are among the bits of information compromised in the recent PSN security breach.
“I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email,” Nyleveia recommends. “You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.”
Sony has taken down the web-based PSN account information change page for maintenance, hopefully to fix the breach. Users may still access the PSN through their console; the exploit is related only to web-based password changes.
“Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being,” Sony said. “This is due to essential maintenance and at present it is unclear how long this will take. In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information.”