We'll file this one under the "major screw up" category, as it seems Sony has been left vulnerable for years now there has been an exploit that has potentially been costing consumers and allowing thieves to profit. Due to the nature of this PlayStation Security exploit, we won't disclose how to actually do it since, y'know, it's illegal. However we do hope this stirs up awareness for Sony, which according to a user who's filed a claim, that the exploit is still not being acknowledged.
Basically, how the exploit operates is that typically, PSN requires all credit cards to supply them with their CVV security number. When you normally operate PSN this isn't something the system typically requests, but when you log in from a different console it will ask you for this CVV number before you can proceed to log-in. However due to a very easy exploit, if a thief was to get their hands on another PlayStation user's account, they could potentially rack up victim's credit cards without even knowing their CVV number as the bug bypasses the requirement, allowing users to buy content from another account.
"It isn't an exploit with the consoles, it's an exploit with the network" one modder told us in a private message. When we asked a particular user why this exploit is only coming out today in the form of a YouTube video, their response was rather shocking in stating that Sony simply did not care unless it was made public. This exploit has allegedly been around roughly for five full years. The user had claimed that they had sent Sony the exploit in the past, via their own hacking disclosure program, hackerone. The user eventually ended up getting a response that informed them that the exploit served no security risk and was simply fraud. This email was from just today as you can read below.
If this is true then Sony really needs to get this exploit fixed.