A website set up by Sony to allow users to reset their passwords following last month's hack attack is itself subject to a security alert. A Sony user discovered an exploit on the site that could have been used by hackers to impersonate users.
Password resets have been necessary following the exposure of 77 million Sony PlayStation users' personal details.
Sony admitted the sites were insecure but said no hack had occurred. "We temporarily took down the PSN password reset page. Contrary to some reports, there was no hack involved. In the process of resetting of passwords there was a URL exploit that we have subsequently fixed," Sony said in a statement.
It will be further embarrassment for the gaming giant and more inconvenience for its users.
"Anyone who has already reset their password is still able to gain access to the PSN but for those who haven't they won't be able to reset it until the servers go live again, which will be shortly," said a Sony spokesman.
Wesley Yin-Poole, news editor of gaming website Eurogamer, explained what had happened.
"There was an exploit that allowed anyone to reset your password using just your e-mail address and date of birth, effectively locking them out of their own PlayStation account," he said.
E-mail addresses and dates of birth are some of the personal details thought to have been stolen by hackers last month.
"This is just another embarrassment hot on the heels of the hack attack. It is nowhere near as serious but will be another headache for Sony," he added.
The majority of PlayStation users are able to reset their password through their consoles rather than by going online.
On 20 April the Japanese electronics giant was forced to shut down its PlayStation network, after what has been described as the biggest hack attack in history.
Yesterday, Sony boss Howard Stringer said the firm did act quickly enough to tell users about the problems.
Sony has offered users a year's free identity protection and free games in order to persuade them back to the network.