- A journalist has shared how his account was hacked twice in a few hours through a simple conversation with PlayStation Support.
- Since the agents only ask for a username and a past invoice transaction number, bypassing 2FA and passkeys is incredibly easy.
- PlayStation must address this vulnerability as quickly as possible.
PlayStation’s infamous hack happened nearly two decades ago, and since then, the gaming giant has certainly stepped up its network security. Today, millions use the PS4 and PS5 consoles, spending thousands of dollars on digital game purchases, DLC, and more.
However, a new report highlights that users should remain vigilant against potential attacks on PSN accounts. Indeed, a new report has discovered that Sony’s security measures make it all too easy for hackers to hijack accounts, even when 2FA is enabled.
Why it matters: This discovery raises questions regarding the implications of Sony’s poor security measures.
According to journalist Nicolas Lellouche, his PlayStation account was hacked twice in a span of mere hours despite having security measures like 2 Factor Authorization in place and a passkey.
When the account was initially hacked, around $10 was charged on the user’s PayPal account to change the PSN ID. Of course, the hacker had also altered the passkey that was already in place.
After contacting PlayStation support, Nicolas Lellouche regained his account, and the process was surprisingly easy. He only had to share his PSN username and a transaction number from a past invoice.
This is where the problem lay, however, and even though the account was temporarily restored, it was hacked again within an hour. The journalist was then able to contact the hacker by messaging him on his PlayStation account, who confirmed how the hack was executed.
As per the hacker, an old invoice transaction number was the key to the breach. Nicolas Lellouche had previously publicly posted his PlayStation transactions on Twitter, which allowed the hacker to share the account’s username and an old transaction number with PlayStation support to regain access to the account.
The big vulnerability, therefore, lies within the process of PlayStation’s verification itself. Customer support clearly does a poor job of verifying the individual accessing an account, so there is no real way of 100% securing an account in such an instance.
The bad news is that Nicolas Lellouche still does not have access to his account yet. Being a physical games buyer, the journalist was fortunate that his account wasn’t valued as highly as some others.
Digital gaming is bigger than ever today, so the damage could have been a lot worse.
Needless to say, Sony must immediately look into the matter and implement stricter verification. What do you think about this entire incident? Let’s discuss in the comments and on the Tech4Gamers Forums.
Thank you! Please share your positive feedback. 🔋
How could we improve this post? Please Help us. 😔
[Senior News Reporter]
Avinash is currently pursuing a Business degree in Australia. For more than 5 years, he has been working as a gaming journalist, utilizing his writing skills and love for gaming to report on the latest updates in the industry. Avinash loves to play action games like Devil May Cry and has also been mentioned on highly regarded websites, such as IGN, GamesRadar, GameRant, Dualshockers, CBR, and Gamespot.
Join Our Community
