Recently, Sony’s gaming division has been under the spotlight after announcing PlayStation Plus price hikes and plans to scale back on PC support. Now, the company is once again facing backlash, this time over a troubling security flaw that could put PlayStation accounts at risk. This was revealed after Colin Moriarty, an ex-IGN staffer and co-founder of Kinda Funny, wrote that his PlayStation Network account had been compromised. Posting on X, Moriarty claimed his account was hacked as part of an alleged attack targeting both ‘random and prominent’ users.
“Indeed, I was told by someone a few days ago that I was going to be targeted, and he was right,” Moriarty wrote with an attached screenshot of their discussions, adding that the person warning him had also been hacked. Thankfully, just four hours later, Moriarty confirmed he had recovered the account. “With the help of my friends and connections at Sony, I got my account back,” he wrote in a follow-up post.
While it sounds like it’s targeted only at high-profile gamers, what’s more worrying is the alleged method behind the attack itself. YouTuber and X user PyoWhitewolf, also known as Mrpyo1, points to a much larger problem that could happen to anyone. “Please share this everywhere, Sony has a huge security issue,” he wrote.
According to Mrpyo1, accessing someone else’s PlayStation account is extremely easy. Attackers would only need your public PSN ID along with a piece of ‘old transaction data.’ This can be a random PS Store order number or the last four digits of a payment card previously used on the account.
From there, all they need to do is contact Sony support — or even use the automated recovery tool — and give said information as ‘proof of ownership’ of the account. Allegedly, Sony’s support system will instantly allow the attacker to change the email address linked to the account and disable two-factor authentication (2FA). All can be done quickly without even requiring full access to the victim’s account.
“Yes you read that right, people can disable mfa and change your Playstation email account if they manage to fool the Sony support,” he added, claiming that many other PlayStation owners have been affected by this social engineering trick. And it did not take long for other users to share their own experiences.
“Same happened with me i have 2 accounts […], both got hacked and leaked,” replied @md_s1_ to Moriarty’s X post. Another user, @SwagPerfect88, chimed in, “I went through this twice first time-didn’t use it for three days got hacked changed my email and everything second time my password I had set up wasn’t working changed it immediately.”
Sony has yet to publicly comment on the alleged issue at the time of writing. Still, with enough players reporting similar experiences, enabling extra security may not guarantee your accounts are safe. If you need help with PSN account recovery or customer service, you can access PlayStation’s official Account Management and Contact pages.
