PlayStation 5 Pro
PlayStation users are facing a digital nightmare as a major security gap allows hackers to bypass 2FA by simply tricking support agents. Unsplash

Gaming enthusiasts are facing a worrying new reality as reports surface of a major breach within the PlayStation Network.

Despite many users believing their profiles were secure, hackers have found ways to bypass the very safeguards designed to keep them out. This sudden security crisis has left the community wondering if any account is truly safe from intrusion.

Fresh concerns have emerged regarding PlayStation's ongoing security troubles, with evidence suggesting that PSN profiles remain vulnerable despite the use of passkeys and two-factor authentication. Reports indicate that bad actors are successfully hijacking accounts by exploiting Sony's own support staff, needing only a handful of details to talk their way into a user's digital life.

Sony Help Desk Flaw Bypasses Account Security

A recent account from the French outlet Numerama highlights this issue, as tech reporter Nicolas Lellouche explained how his passkey-protected PSN profile was compromised. After gaining entry, the intruder updated the login credentials and racked up charges using the bank card on file.

Even though Lellouche regained access through PlayStation Support, the intruder quickly regained control of the profile. This second breach led to a direct conversation between Lellouche and the culprit, who teased the journalist by suggesting he contact the help desk again.

It has since been established that the primary weakness lies in the way Sony confirms who actually owns a profile. In this instance, the intruder used the account name alongside a single transaction ID found in a screenshot the owner had shared on the web during 2023. These two small pieces of data were the only requirements for Sony to grant the hijacker complete control of the PSN profile.

Further investigation by Lellouche revealed that Sony's staff often settle for the final digits of a bank card or a console's serial number to verify identity. Curiously, the support team fails to request more personal details, such as a full name, a birth date, or even the answer to a pre-set security question.

A Growing Pattern of Vulnerability

This is far from an isolated incident. In the wake of Lellouche's public warning, a wave of similar stories emerged from other players who had fallen victim to the same tactics. For some of these unfortunate users, the situation was even more dire, resulting in the permanent loss of their digital libraries and years of gaming history.

A similar crisis gained significant attention roughly a year ago involving Hakoom, formerly the world's top-ranked trophy hunter. He shared a detailed account of his struggle with both an intruder and the PlayStation help desk. This saga ultimately saw his profile restored, but left his connection with the company's PR team permanently damaged.

Just a few months ago, the community was rocked again when dav1d_123—who currently holds the top spot for trophy hunting—had his credentials stolen and his profile put up for sale on Telegram.

Sony has remained silent on these incidents and has yet to fix the underlying security flaw. Until they address this loophole, which could take considerable time, the safest move is to avoid sharing any PSN-related details or screenshots online for the time being.

Writer's pick
PlayStation PlayStation Network Hacking Hackers