Fresh reports have started cropping up online regarding a new PSN exploit that appears to let hackers utilise someone’s credit card details on the PlayStation Store without the need for the card’s security code. Sony requires this info when you first set-up an account or when you log-in from another console, but otherwise doesn’t ask for the CVV number for general use.
However, the exploit allows someone in possession of a user’s PSN account to bypass this requirement, allowing them to effectively use the credit card to make fraudulent purchases on their account.
PSN Exploit Is Worrying Development For Sony’s Online Service
Speaking with MP1st, a modder revealed, “It isn’t an exploit with the consoles, it’s an exploit with the network.” More alarming however is a claim by the person who unearthed the exploit that Sony was only concerned about the issue if it went public; according to the individual, the exploit itself has been around for five years now.
Furthermore, they apparently sent Sony about the exploit using the hackerone program, but the console maker concluded in its reply that the exploit served no security risk and was fraud.
“After review, there doesn’t seem to be any security risk and/or security impact as a result of the behaviour you are describing. If you are able to leverage this into a practical exploitation scenario, we will be happy to reevaluate this report, but at this time, it does not present a significant security risk.”
“This appears to be a fraud issue,” says Sony’s reply.
At this point, it is highly recommend that PSN users take steps to ensure they have activated Sony’s Two-Step verification process to project your account. MP1st has said they have contacted Sony about the issue, but have yet to receive a reply at the time of writing.
Sony is obviously no stranger to this sort of thing. Back in 2011, the company saw thousands of accounts worldwide compromised by the large-scale PSN hack.