Super Stardust HD
Wipeout HD + Fury
- 30 days free PlayStation Plus membership for non PS Plus subscribers*
- Existing PlayStation Plus subscribers will be given 60 days free subscription.
- For existing Music Unlimited subscribers, you will be given 30 days free subscription.
- We are working on a Welcome Back offer in PlayStation Home and will share that when it is confirmed.
I would like to thank all of the developers and publishers involved in this programme for their support in making this happen. We certainly couldn’t have done it without you.
You will be able to access this content once PlayStation Store comes back online and we are doing everything we can to make that happen as soon as possible.
Thank you for your support and keep checking back on the blog for more information.
1. For eligibility for the welcome back programme consumers must be an account holder on 20 April 2011. Specific details about these offers and eligibility requirements will be posted as the services go live. All existing PSN registrants have 30 days from when the welcome back programme goes live to redeem their content.
2. For the German market, InFamous and Dead Nation will be replaced with Super Stardust HD and Hustle Kings in the selection of PS3 games.
3. For the German market, Pursuit Force and Killzone Liberation will be replaced with Everybody’s Golf 2 and Buzz Junior Jungle Party in the selection of PSP games. Killzone Liberation will not offer online gameplay functionality.
4. Access to the 30 days free PS Plus subscription is only available for those countries where PS Plus is offered. You will have access to the PS Plus content planned for May for 30 days. Access to the free games and exclusive features finishes at the end of the 30-day subscription period. Anything you buy with exclusive discounts, dynamic themes and premium avatars are yours to keep forever.
Just a heads up, Sony may have had a major password hack exploit on their password reset page as recently as yesterday. Whether true or not, it should already be fixed.
I want to make this clear to ALL PSN users. Despite the methods currently employed to force a password change when you first reconnect to the PlayStation network, your accounts still remain unsafe.
A new hack is currently doing the rounds in dark corners of the internet that allows the attacker the ability to change your password using only your account’s email and date of birth.
It has been proven to me through direct demonstration on a test account, so I am without any shadow of a doubt that this is real.
I would suggest that you secure your accounts now by creating a completely new email that you will not use ANYWHERE ELSE, and switching your PSN account to use this new email. You risk having your account stolen, when this hack becomes more public, if you do not make sure that your PSN account’s email is one that cannot be affiliated with or otherwise traced to you.
While we originally assumed this was a poor hoax designed only to stir the community into another frenzy, the individual who we are in contact with requested just two pieces of information from us: this being an account email and the date of birth used for that account. We promptly created a new account via us.playstation.com and provided the individual with the email address and date of birth used.
Roughly a minute later they requested that we try to login with the password we used for the account (which they did not know at any point), and sure enough, we were presented with an invalid username and/or password prompt.
In addition to this, within a few minutes we received an email from Sony stating the following:
This email confirms that your PlayStation(R)Network password account has been changed successfully.
If you did not change your password…
This email has been sent to you because the password for the relevant PlayStation(R)Network account has been changed.
If you did not change your password, please contact Customer Support at the following address:
The PlayStation(R)Network Team
While we will not reveal specific details regarding how the exploit is performed for obvious reasons, we can say that the exploit involves a vulnerability in the password reset form currently implemented, not properly verifying tokens.
UPDATE: In the interest of sidestepping the naysayers and getting the warning out there, if someone working for a larger, more well known site (Kotaku, Destructoid, IGN, etc) wants to contact me for a live demonstration that this exploit is the real deal, you can do so at email@example.com.
UPDATE 2: Web based PSN login / Password recovery is now down for maintenance, hopefully as a result of our contact with SCEE. And more importantly, hopefully to fix the security issue.
UPDATE 3: To clarify the situation, we had confirmed ourselves the method used last night, and contacted SCEE, SCEE have acted upon this information, we felt the information previously provided in our tweets and this article may have been a little too revealing to the vulnerability, thus we “dumbed down” the explanation of the security hole. We have provided SCEE with a detailed description of the security hole.
While it’s unclear at this time if they will actually patch the flaw while they have the system taken down, I can also confirm that the system went down approximately 15 minutes after I received a response from SCEE on the matter.
We for rather obvious reasons do not want to elaborate further on the exact details of the exploit, on the off chance that when the web based interface for PSN is restored the exploit has not been patched.
UPDATE 4: Last update on the topic most likely, I notice a lot of people are saying that we should not have posted this information and simply contacted Sony, and you’re right in thinking this, however we contacted SCEE as soon as we had confirmed that the exploit was in fact real, the problem was that at the time there was a good 8-9 hour stretch where SCEE would not see our messages and given the rate at which the exploit method was spreading in the dark corners of the internet, we felt as though we needed to publicise the exploit advising users to change the emails used for their PSN accounts to secure them until Sony could patch the security hole.
Originally we posted rough details on how the exploit operated, to give further evidence to users that it was a valid reason for them to change their passwords, as with most news like this on the internet, people tend not to believe something until hordes of users have been affected, we posted an article on N4G advising PSN users to switch their email addresses which was promptly reported as spam/lame/fake by several users who refused to believe the news due to our site just being a small news outlet.
All along our main priority and focus has been to assist Sony and PSN users in keeping their accounts safe. If the current downtime for the web based forms results in the exploit being patched then our job is done and the potential theft of countless user accounts has been nipped in the bud as early as humanly possible.
Thank you to everyone that has taken our warnings seriously and acted upon it, and to SCEE for their swift response to the matter.
If it means anything to anyone, the more specific method they had previously posted that hinted at the hack said this:
While we are hesitant to reveal too many details regarding how the exploit is performed, for obvious reasons, we can say that the exploit specifically involves the web address https://store.playstation.com/accounts/reset/resetPassword.action?token When used in combination with another web address (normally used for password recovery) certain key details can then be extracted and used to trick the server into allowing the password of an account to be changed without a valid Sony-issued security token.
Sony's latest tweets on the subject, that appear to be trying to hide the real purpose of modifying the page:
"Clarification: this maintenance doesn't affect PSN on consoles, only the website you click through to from the password change email."
"Fortunately we have got ISPs to release outstanding emails; unfortunately, a small amount of maintenance is required to improve this process"
Nyleveia wrote: UPDATE 5: Okay, due to the email response I felt I should answer some general common questions regarding the topic.
Q. If I already reset my password am I safe?
A. The exploit was possible on any account the email and date of birth was known for, regardless of if the password was changed or not, or what region the account was tied to.
Q. What if they don’t know my Date of Birth or Email account?
A. Then the average user would not be able to take your account, however due to the database being illegally accessed in April, it’s safe to assume that someone, somewhere, has access to a large number of users' details, which include date of birth and email addresses, this alone should be reason enough to change your email.
Q. Are you sure this is real?
A. Yes, it was demonstrated to one of our empty accounts, then we were able to repeat the process ourselves after figuring out the method, this was additionally confirmed when a twitter user provided us with his data and requested that we change his password as proof.
We have since emailed him his new password, and no other data on his account was changed.
Q. Can Sony fix it?
A. Shortly after contacting SCEE, the online forms connected to login and password recovery for the PlayStation and other linked networks were shut down and placed in a maintenance mode, I can only assume this is a direct response to our detailed reports to SCEE, with that said, I assume that when services resume the exploit will be patched and everyone’s data once again safe.
Q. If Sony fixes the hole should I worry?
A. I would suggest that everyone, regardless of if they have been affected or not, create a new password and change their account email to one they do not use anywhere else, and will not be sharing with anyone else just for additional security.
Q. Will you give us more details on the exploit?
A. Until we have confirmed that the security hole has been patched we will not release further details on how and why the exploit was possible.
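The reports above describe a reset form that did not properly verify tokens, so that knowing an account's email and date of birth was enough to change its password. As an added example (not part of the original posts and not Sony's code), this sketch shows a server-side check in which only a token the server issued selects the account; the store class, field names and TTL are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 900  # seconds a reset link stays valid (assumed policy)


class ResetTokenStore:
    """In-memory stand-in for a server-side table of issued reset tokens."""

    def __init__(self, now=time.time):
        self._now = now
        self._rows = {}  # sha256(token) -> {"account": id, "expires": timestamp}

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, account_id):
        # A new request invalidates any older token for the same account.
        self._rows = {d: r for d, r in self._rows.items() if r["account"] != account_id}
        token = secrets.token_urlsafe(32)
        self._rows[self._digest(token)] = {
            "account": account_id,
            "expires": self._now() + TOKEN_TTL,
        }
        return token  # sent only to the account's registered email address

    def redeem(self, token):
        """Return the account the token was issued for, or None. Single use."""
        if not token:
            return None
        row = self._rows.pop(self._digest(token), None)
        if row is None or row["expires"] < self._now():
            return None
        return row["account"]


def reset_password(store, accounts, token, new_password):
    # The account is taken from the server-side token record only. Email or
    # date of birth supplied by the client never select the account to change.
    account_id = store.redeem(token)
    if account_id is None:
        return False
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 200_000)
    accounts[account_id]["password_hash"] = (salt, digest)
    return True
```

Because the token is stored only as a hash and is removed on first use, a request carrying a missing, guessed, replayed or expired token changes nothing, whatever personal details accompany it.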
Barring any additional problems, Sony plans to bring the PlayStation Store back online next Tuesday, May 24, according to a memo sent to Sony's game developer and publishing partners.
The company has sent a tentative publishing schedule to partners detailing when their games, expansions and other releases will become available to players. In the memo, obtained by Gamasutra, Sony unveils plans to do two content pushes per week for the next two weeks to catch up with the backlog of content.
"We thank you for your patience as we work to resume service of the PlayStation Store," wrote PSN content manager Jack Osorno to developer partners.
The first push, set to coincide with the PlayStation Store's reopening, will distribute content that was originally scheduled to publish on April 26. Three days later on the 27th, another round of games will go live, which were originally scheduled for May 3.
The following week, pushes will take place on May 31 and June 3, using content that originally had been planned to be spread over three weeks. At that point, the company will be back on schedule and, presumably, return to a single content push per week.
While Sony is trying to maintain the queue that was already in place, the company says it is willing to move some titles around, depending on urgency. Seemingly, this would include DLC packs for existing titles that have already released expansions on other platforms.
"If there are concerns, we are willing to consider adjusting the release date of your content on this schedule," says Osorno. "Adjustments will be made on a case by case basis."
The launch of the PlayStation Store is one of the final steps to bringing the PlayStation Network back to full operation. Sony has said many times that it expected the network to be fully operational before the end of May.
Osorno's note does not detail what plans, if any, Sony has to assist developers who were impacted by the outage.
In some cases, that impact has been substantial. Capcom corporate officer and SVP Christian Svensson, for instance, has previously estimated the company's lost revenue from the outage as being in the "hundreds of thousands, if not millions of dollars."
Other developers have remained more supportive of Sony, but have made public appeals to the company to assist them with marketing their titles once the Store goes back online so that they might recoup any losses.
Sony, though, is actually in something of a power position -- especially with smaller developers. Despite the security crisis, the company remains one of the most powerful players in the video game industry, so few, if any, small shops are going to make a lot of noise complaining about the way they feel they have been treated. While some could jump to Microsoft's Xbox Live platform, they're unlikely to do so immediately.
For consumers, the relaunch of the PlayStation Store should get them one step closer to being able to claim the contents of their "Welcome Back" package. As detailed on Sony's U.S. PlayStation Blog, PlayStation 3 owners with existing PSN accounts will be able to download two free games from a pool that includes Dead Nation, Infamous, LittleBigPlanet, Super Stardust HD and Wipeout HD.
Sony has said that those (and other) freebies would be made available once services are fully restored.