How are they incompetent with this issue now? Almost all companies use the same email address verification, or a very similar method, for login information....
Normally, the reset link is in the e-mail, or you are sent a verification code in the e-mail that you have to type in to change your password. That way only the person who has access to the e-mail account can reset the password.
What Sony did in this case was require you to just type in
your e-mail address and birth date to reset your password. Nothing is sent to you to verify you have access to the e-mail account. And guess what? Whoever stole all the PSN data also
has everybody's e-mail addresses and birth dates.