May 19, 2011, 5:27 PM — It will be a month tomorrow since Sony's PlayStation Network was fully operational, and the popular gaming site is still beset by troubles.
The latest is a URL exploit that took the network offline for awhile Wednesday until it was fixed, Sony says in its PlayStation Blog, which has been its main forum for detailing the extent of the attack that compromised personal information on more than 100 million customers and led to Sony shutting the network down to rebuild it.
TIMELINE: PlayStation Network hack
Sony's explanation of the problem was vague, but discussion forums say a vulnerability would allow attackers who knew customer email addresses and birthdates to take over their accounts via PlayStation Network's password reset page.
Sony is requiring all its customers to reset their passwords after the breach that led to the shutdown. That process hasn't been going smoothly because wait times for the network to respond to reset requests have been long. Frustrated customers who click more than once are sending multiple requests, which not only clogs the system, but can, after three tries, lock them out.
The company had been turning the network back on by stages.
Meanwhile, a group calling itself PH4N70M Hacking Team is claiming responsibility for the original hack, offering some details about what it may have done to breach the network.
"The PSN was comprised of multiple forwarding servers. When my team went in, we found an authorization server (Codenamed auth.sony). This server had no encryption, no DDoS protection was in place. No load balancing," according to a statement posted on The Hacking Network sourced to the founder of the team, who was not identified by name.
The group apparently has some link to the international hactivist group Anonymous, based on the statement. "The key players in PH4N70M (Phantom) include an exploiter (TH0R), Xik, and several others including the operation payback collaborator named Wolfy. The rest of the team will remain hidden for now," the statement says.