If you are a Sony PlayStation Network (PSN) customer you are probably getting a little paranoid. First there was the data breach from last month that exposed customer data and forced Sony to take the network down.
And now, just days after Sony got the service back up and running, it has taken the PSN password reset service offline because it was allowing people to change other customers' passwords if they knew their e-mail address and birth date--information that was stolen in the attack.
Sony says the hole in the PSN password reset site was not exploited in active attacks, although there are reports that the information was circling in the underground and being used prior to Sony taking the site down.
"Given what we've seen unfold over the past few weeks, people should know that Sony is very much a target right now, and they're having issues," said Chris Lytle, security researcher at Veracode.
Whether you think hackers are actively targeting Sony to get to your account and credit card information, you might want to step up your security practices. Here are some tips to help use the service more safely:
If for some reason you haven't been prompted to change your PSN password, do it now. Obviously, you can't change it through the PSN Web site if the password reset function is down, but you can do it through your console. Pick a password that is unique and strong and used only on this service. If you were using your PSN password on other services, change those too. For more password tips read this.
Create a new e-mail account to be used just for your PSN activity. One of the potential threats from the data breach, beyond the password resent problem, is phishing e-mails. Whoever has the list of stolen e-mail addresses and other personal data from PSN could now send targeted e-mails to PSN customers, pretending to be Sony and tricking customers into revealing their passwords and credit card information on a fake Sony Web site. Changing your e-mail will eliminate this threat.
Buy a pre-paid PlayStation Network Card to use at the PSN Store and delete your existing credit card information there. You can purchase the cards in $10, $20, and $50 denominations at Best Buy, GameStop, Amazon, 7-11 and other retail stores. If the card number is stolen it can only be used on the PSN Store and any loss is limited to the value of the card. The PlayStation Store does not accept any other types of pre-paid cards.
Monitor your credit card or debit card account associated with your PSN account. Sony has said it has no evidence credit card information was stolen but can't rule out the possibility that it was. As a result, the company is offering free identity protection through a company called Debix. Debix will be watching for signs of identity fraud, but the service hasn't kicked in yet for people in the U.S., at least. And it's always a good idea to keep a close eye out for suspicious transactions when your financial data may have been exposed.