
Windrunner

Sly
Member
Oct 25, 2017
6,500
It sounds like probably something like you hack someone's master account. Create sub-accounts and are able to use those sub-accounts to make purchases without the cvv?

If this is the case, it's no different to how Apple and Google do things with family setups.

This might be a whole load of nothing.
 

ethranes

A King's Landing
Member
Oct 27, 2017
614
Clickbait, this is nothing to do with Sony, the same "exploit" exists all over online services. Just make sure you use 2FA
 
This is probably nothing

Windrunner

Sly
Member
Oct 25, 2017
6,500
One other user familiar with the exploit informed us that the way sellers are doing this is that they are racking up credit card balances from one user, and applying it to three other PlayStation accounts that get placed on separate consoles to be sold; although they'll eventually be banned if they ever go online.

There are several others out there with the exact same scenario, which all pertain to the use of the Family management sub-account, something we didn't want to originally state in the article due to it being a part of the exploit.

Yeah I see what's going on here. This is a nothingburger and the exact same thing could happen if a Google or Apple account got compromised with CC details saved.
 

gofreak

Member
Oct 26, 2017
7,736
Again, Amazon would prompt for CVV if you shipped to a new address.

Again, the proper PS console buying experience after logging in from a new console is to prompt for CVV regardless of any other settings. There's an exploit to bypass that.

I'm asked religiously by Amazon for CVV when shipping to a new address, but I don't think I've ever been asked for digital (audible) purchases, which seems the closer analog. I'll test that again though to be sure...

You're right though, that if Sony intended this extra layer of fraud prevention, they should fix any ways to bypass it. But it sounds like a failure of their extra paranoia than a failure to implement policies required by e.g. card issuers.

edit - On that matter of Amazon's CVV policy, I tested just now with Audible, on a non-subscription purchase, on a machine I've never used for it before, and it didn't ask for my CVV.
 

Windrunner

Sly
Member
Oct 25, 2017
6,500
I've edited the thread title to be less alarmist. Until further information comes out that suggests that this is worse than it seems it's best we don't spread FUD.
 

OG_Thrills

Banned
Oct 27, 2017
4,655
This is an online exploit that's been around for some time. I've heard of it before being used on google but also something that is easily traced.

I'm not sure it's specific to consoles.
 

Patitoloco

Member
Oct 27, 2017
23,695
I would either edit the OP or put a threadmark about this being nothing (well, not nothing, but an exploit that exists in pretty much every service).
 

Ponn

User requested account closure
Banned
Oct 26, 2017
3,171
Jfc people time and fucking time again. TURN ON FUCKING 2FA!!! It's there for a goddamn reason. If you are really that concerned about an exploit then why the fuck don't you have it on already?
 

gofreak

Member
Oct 26, 2017
7,736
I would either edit the OP or put a threadmark about this being nothing (well, not nothing, but an exploit that exists in pretty much every service).

Well, the wider situation is not really an exploit - card issuers just don't seem to require refreshing tokens in this context. So in that sense you're not any more vulnerable to fraud than on other services that don't require a CVV re-entry on new machines. These policies are by design rather than by omission it seems.

Where there is a failure here is that Sony seemingly does intend, on its own part, to ask for a CVV re-entry on a new machine. It seems to intend to go beyond what card issuers require. But there's a way to get past that seemingly, so if Sony wants this extra layer of fraud prevention to be effective they should fix that.
 

TheGhost

Banned
Oct 25, 2017
28,137
Long Island
So to be clear: You have hackers with access to your PSN account which has saved payment method of credit card details, they know your 2FA code. Can log in whenever they want, play your games, delete your Gjallarhorns or whatever. But not make purchases - previously this hasn't bothered you at all, because "well, I'm safe because the hackers don't know my card's CVV. Don't need to do anything about this situation ever". But now, it's red alert all hands on deck?
It was late at night brother relax
 

CorrisD

Member
Oct 25, 2017
804
After 2011 I haven't saved a payment method in my Playstation account and I probably never will.

People know nothing came of that right?

Everyone's card details were encrypted, there were no real verified occasions of details being stolen and money being taken from anyone. Sony even offered insurance for anyone affected and came out and said that there were no incidents of fraud related to the 2011 PSN incident.
 

Windrunner

Sly
Member
Oct 25, 2017
6,500
One could probably compile some decent statistics around number of posters who clearly do not read the original post when they initially reply. First page here does paint a pretty picture of this.

You can definitely tell who took the time to read the article and who didn't.

There's plenty to criticise Sony over (why are they still only allowing SMS 2FA?) but this ain't it.
 

dom

▲ Legend ▲
Avenger
Oct 25, 2017
10,453
Looking at the videos, if there is an exploit, it seems to be due to when you add payment info by the website and then confirm that info on the console, then all payment infos become trusted on the console. Although that isn't completely proven by the videos.
 

Deleted member 11517

User requested account closure
Banned
Oct 27, 2017
4,260
Why would anyone use a cc on a Sony service after what happened a couple of years ago?

Ok maybe not everyone is aware, I'm sure most gamers are though.

[EDIT I didn't see the update, ugh, gonna read...]
 

Windrunner

Sly
Member
Oct 25, 2017
6,500
Actually, you been effed once they got the account, so..........
I have to wonder how nowadays one would manage to get someone's PSN unless they shared the account?

Typically by using the same password everywhere on the Internet so when there's one breach, everything becomes wide open.
 

FusedAtoms

Member
Jul 21, 2018
3,595
People know nothing came of that right?

Everyone's card details were encrypted, there were no real verified occasions of details being stolen and money being taken from anyone. Sony even offered insurance for anyone affected and came out and said that there were no incidents of fraud related to the 2011 PSN incident.
Shhhhhhhh get outta here with facts
 

Ponn

User requested account closure
Banned
Oct 26, 2017
3,171
Actually, you been effed once they got the account, so..........
I have to wonder how nowadays one would manage to get someone's PSN unless they shared the account?

You keep putting the cart before the horse. If they got past your 2FA to actually get your account like I said you have much bigger problems because that means they have access to your emails and cell texts.
 

gogosox82

Member
Oct 25, 2017
4,385
Again, Amazon would prompt for CVV if you shipped to a new address.

Again, the proper PS console buying experience after logging in from a new console is to prompt for CVV regardless of any other settings. There's an exploit to bypass that.

Not every time it doesn't. I've never been asked to do it on digital purchases when I bought them from a new machine. Last week, I bought a Kindle book at my mom's house on a new computer she got and Amazon didn't ask for a CVV. That is probably more comparable than shipping a physical product to a new address than something digital. And as stated before MS, Google, Apple, Steam, etc. all do it this way. Once you have verified your account and CC info once, it will be stored unless you turn on an option to ask every time or never store your CC info. If you have 2FA on, you're likely not going to be affected by this. You would only be affected if your account is hacked and then they could make multiple accounts sub accounts and purchase things without needing your CC info. I will agree Sony should address this (as should all other companies instead of just going "do you have 2FA on? No? Meh not our fault"), but wanted to point out that Amazon doesn't do this every time like you claimed.
 

HardRojo

One Winged Slayer
Member
Oct 25, 2017
26,133
Peru
Read about this yesterday and decided not to post any kind of hot takes because I was expecting for more developments to come out. Glad to have done that and avoiding looking like a fool lol, I already went through that when Sony supposedly was holding back Destiny 2 cross-progression or whatever it was, only for it to not be true and eating fresh crow.
 

Carnby

Member
Oct 25, 2017
12,238
After my child was able to buy vbucks even after entering the wrong password, I took my credit card off. I reported it to Sony support but they didn't believe me, even though I could recreate the issue myself.
 
Oct 25, 2017
4,427
Silicon Valley
Again, Amazon would prompt for CVV if you shipped to a new address.

Again, the proper PS console buying experience after logging in from a new console is to prompt for CVV regardless of any other settings. There's an exploit to bypass that.
I literally ordered some equipment and conversion cables from my office using a coworker's computer, and added my office's address to ship it there (had never done so before) using my Amazon login.

Didn't get asked for CVV.
 

Brutalitops

Member
Dec 6, 2017
1,251
This is nothing, but I would still urge anyone to not give Sony their credit card info directly. I haven't since 2011.

Good rule for all companies really, but Sony in particular after that hack.