In yet another embarrassing PSN faux pas, Sony has had to take down its mandatory password reset page.
Some bright spark decided that the password could be reset by using only your PSN account email and date of birth to verify your identity – but both those details were compromised in the great PSN hack of April 2011.
So it would be just as easy for a hacker to pose as you and reset your password as it would be for you to do it yourself.
As of this afternoon, Sony has made PSN sign-in unavailable on its websites including the site that users are directed to by password reset emails, although you should still be able to sign in on a PS3 or PSP.
Article continues below
Sony said: "Unfortunately this also means that those who are still trying to change their password via Playstation.com or Qriocity.com will be unable to do so for the time being.
"This is due to essential maintenance and at present it is unclear how long this will take.
"In the meantime you will still be able to sign into PSN via your PlayStation 3 and PSP devices to connect to game services and view Trophy/Friends information."
Nyleveia.com was the first to spot the hacker-friendly loop hole, and claims, "The system went down approximately 15 minutes after I received a response from SCEE on the matter."
We're wondering how many "hiccups" Sony needs to have, before it understands the seriousness of getting its online security right.