In a comprehensive report published on their website, Multiplayer First (MP1ST) revealed the massive security exploit that can leave anyone’s PlayStation Network (PSN) account vulnerable to hacks along with their credit card information.
Apparently, this security flaw has existed for years now in Sony’s network systems, leaving potentially millions of PSN accounts vulnerable to hacks. This security gap, if exploited, can allow hackers and scammers to access the victims PlayStation Network (PSN) accounts along with their credit card information.
Usually, PSN requires all users to supply them with their CVV security number when they register their credit card information. According to PSN current login authentication model, whenever a user tries to login into their PSN account from a different console, PlayStation will request that the user supply them with the CVV number associated with that particular credit card. PlayStation then matches that CVV number with what they have on their database for authentication purposes.
This particular security exploit allows hackers to gain access to a victims PSN account without having to supply the CVV number associated with the credit card. This can allow hackers to get access to not only the victim’s PlayStation Network account but also their credit card information.
This security flaw in PlayStation Network has existed for several years now and a lot of accounts have already been hacked. There are numerous reports from victims, claiming that their PSN accounts were hacked with unauthorized purchases made off their credit cards totaling over 1000 dollars. Some have even reported it directly on PlayStation Forums.
Perhaps the worst part of all of this is that Sony was made aware of this vulnerability but they didn’t take it seriously. According to MP1ST’s sources, “It isn’t an exploit with the consoles, it’s an exploit with the network.” The source also reveals that they reported this security exploit via HackerOne (Sony’s own hacking disclosure program). They were made aware of flaw but the company brushed it off as “having no security risk.”
The source even supplied MP1ST with a screenshot of correspondence with Sony where they said the flaw “does not present a significant security risk” and is simply a “fraud issue”.
This isn’t the first time vulnerabilities have been found in PSN’s security. Last year, one user faced immense problems when his account was compromised and Sony just kept resetting his PSN account.
If all of this sounds scary to you, don’t worry. There are a couple of things you can do to protect your PlayStation Network account and your credit card information. Perhaps the best action to take is to activate two-step verification. If anyone tries to login into your account from any location, you will be notified. Furthermore, if only you have access to the verification device, only you will be able to login to your PSN account. You can activate PlayStation’s two-step verification through your PlayStation console or from the official PlayStation Two-Step Guide webpage.
In addition to this, you can also set up a security question as an extra layer of security to prevent your PSN account from being hacked.
— Ask PlayStation (@AskPlayStation) July 4, 2019
So far, Sony hasn’t come forward with a statement about the massive PlayStation Network vulnerability or the potentially hundreds of accounts hacked. It is likely we will be hearing from them soon enough. Meanwhile, use these security options to your advantage and stay safe.