Here we go again!

Nervusbreakdown

One Above All
Sep 11, 2013
10,018
4,541
4,031
https://mp1st.com/news/report-major...e-security-code/amp?__twitter_impression=true

Report: Major PlayStation Security Exploit Lets Hackers Use Customer Credit Card Info Without Needing the Security Code
PlayStation-Network-l.jpg

Share this:

We’ll file this one under the “major screw up” category, as it seems Sony has been left vulnerable for years now there has been an exploit that has potentially been costing consumers and allowing thieves to profit. Due to the nature of this PlayStation Security exploit, we won’t disclose how to actually do it since, y’know, it’s illegal. However we do hope this stirs up awareness for Sony, which according to a user who’s filed a claim, that the exploit is still not being acknowledged.
[Update 2] We have decided to include the actually video and user who had decided to make this public finally since this isn’t something anyone can go out and do themselves as it requires a stolen PSN account. The video, which is about 15 minutes long shows the process of how hackers are able to commit fraud on stolen users account despite there being a security check for the users main account via CVV confirmation. We originally didn’t not want to include it for respect that it could do greater harm and per the request of some of the active scene members not wanting the video to garner attention as it’s harmful. Though Since it is public and the user does say they wish see this fixed we decided to include it.

What you are seeing here is a bypass of the accounts CVV code. Again, there are measures in place to prevent this if the user hasn’t set-up 2-steps or security answers, but due to the nature of the bug it allows hackers to exploit it by providing a false form of payment that makes the account default to the first provided payment upon adding funds that become available on family accounts.
[Update] We have included some examples near the bottom of the article that are highly supportive that the exploit published today is very real and has been going on for some time now for accounts that have been breached from scams or other means for people to get access to accounts. This does not affect the majority of users out there, especially if they have 2-step verification enabled. Though this is not to say this isn’t an issue that shouldn’t go unnoticed as in the examples supplied its clear it can be harmful to folks who aren’t informed as many of us on the internet.
Original Story
Basically, how the exploit operates is that typically, PSN requires all credit cards to supply them with their CVV security number. When you normally operate PSN this isn’t something the system usually requests, but when you log in from a different console it will ask you for the CVV number of the credit card on file (if you have one) before you can proceed to log-in. However due to a very easy exploit, if a thief was to get their hands on someones PlayStation user’s account, they could potentially rack up victim’s credit cards without even knowing their CVV number as the process bypasses the requirement.
 
Being that they have to have a stolen account isn't this a bit overblown? when someone steals your account I just assume they'd have access to any CC info that you leave on the account.
 
Make sure to turn on 2 step verification for all your accounts. Sony has supported this for awhile now. Only takes a minute to set up.

Sign on to your account on the web and click security and set a mobile number. Then, when you sign on to your account for the first time, you get a code confirming it. Takes a few seconds and really makes it hard for someone to get into your account (not to mention alerts you right away that something is going on). Once you confirm a device, you don't need to enter the code again.
 
  • Like
Reactions: Frozpot and JinCA