Today Multiplayer First released a report detailing their research and findings on a PlayStation Network exploit that allows the purchasing of games through the PlayStation Network without knowledge of a Credit Card’s Security Code. This is something that hackers have known about for an extended period of time. If your Credit Card isn’t tied to your account in any way then you shouldn’t have anything to worry about but the exploit requires someone else’s PlayStation account that already has payment information included.
That first barrier of obtaining someone’s PSN information is certainly a big hurdle, but it’s also not completely impossible for PlayStation to have their network compromised. In the Report Multiplayer First spoke with a private contact who explained that it “isn’t an exploit with the consoles, it’s an exploit with the network.” While the PSN requires any purchase to be accompanied with the full card information including adding in the CVV number if the hacker has access to the account though they can create a fake payment that when it fails it will default to the primary form of payment. This same anonymous contributor informed Multiplayer First that this exploit has been known for over 5 years and that even when being submitted as a security breach has been brushed off as serving no security risk.
Obviously, while it was ignored by PlayStation it’s a serious issue for someone to be able to bypass that final security check. The article included a large number of links to tweets, threads on Reddit, and forum posts on both the PlayStation Forums and on GameFAQs. There are a number of people on twitter that are posting the link to the video on how to perform this security exploit as a way of bringing attention to it.
Whether this will get any response from Sony we’ll have to wait to see.
What do you think of this exploit? Do you know anyone affected by this?