Sony's efforts to revive its PlayStation Network (PSN) have stumbled after the firm discovered a flaw hackers could exploit when it came to resetting passwords.
Sony temporarily disabled PSN and its Qriocity music streaming password reset pages to fix a vulnerability in a system that was just regaining its footing after a cyber attack that resulted in it being shut down for weeks.
"We temporarily took down the PSN and Qriocity password reset page," Sony spokesman Patrick Seybold said in an update posted at the PlayStation blog.
"Contrary to some reports, there was no hack involved," he explained. "In the process of resetting of passwords there was a URL exploit that we have subsequently fixed."
Details of the exploit were not disclosed, but a door open had reportedly been left ajar for hackers to change a user's password if they knew the email address and birth date associated with an account.
"Consumers who haven't reset their passwords for PSN are still encouraged to do so directly on their PS3," Seybold said. "Otherwise, they can continue to do so via the website as soon as we bring that site back up."
PSN connects PlayStation 3 (PS3) consoles to online games, films and more.
Sony on Sunday began a "phased restoration" of network services that came under hacker attacks in one of the biggest data breaches since the advent of the internet.
Cyber thieves stole personal data that included names, passwords and addresses from more than 100 million accounts on PSN and Sony Online Entertainment services.
Sony has said it cannot rule out that millions of credit card numbers may have been compromised.
Sony shut down the PSN and Qriocity on April 20 after its data centre in San Diego was hacked - but it did not reveal the breach until April 26.
The entertainment and electronics giant began restoring the services on Sunday and promised that defences had been hardened.
The Japanese multinational estimated that the cyber attack cost the firm $1 billion.
Sony chief Howard Stringer, speaking for the first time on the crisis Tuesday, said protecting private information was a "never-ending process" and he did not know if anyone could be "100 per cent secure."