Even if they are protected by two-factor authentication (2FA) and passkeys, PSN accounts can be hacked, and Sony needs to take action!
Following the 2011 PlayStation Network incident, which resulted in a 23-day shutdown, users encountered numerous issues, including account security concerns and extended outages, occasionally triggered by DDoS attacks. However, all of this pales in comparison to the possibility of account hacking, even with all security measures in place, including 2FA and passkeys. Nicolas Lellouche, a tech journalist at Numerama, tweeted that his passkey-protected PSN account had been hacked.
An unknown user was able to change the associated email address and password and spend money from the linked payment method. Lellouche initially restored the account with the help of PlayStation Support, but the hacker took control a second time. He spent the evening communicating with the hackers, who allegedly explained how they bypassed modern security measures.
No idea how, but someone managed to change the email and password of my @PlayStationFR account, even though it was protected by a passkey.
I have lost access to my account, money was taken from me and I can no longer log in. Change your passwords! pic.twitter.com/K8fO6dprwD
— Nicolas Lellouche (@LelloucheNico) December 22, 2025
The hackers are allegedly exploiting a fatal security flaw in Sony’s systems to hack PSN accounts using internal tools, which requires only the associated email address. If true, this would be the core of the issue, as knowing a public email address does not usually pose a security risk. Lellouche’s account was targeted because a screenshot containing the associated email address had been shared online.
Lellouche confirmed that the fatal flaw lies in how Sony verifies account ownership. Hackers accessed his PlayStation Network account twice using a transaction number requested as proof of ownership, obtained from a screenshot shared by the owner. The process is clearly flawed, not only because no additional verification was required, but also because multiple consecutive requests tied to the same account did not raise suspicion.
Do not share personal information online, and whenever possible, use prepaid cards for digital store purchases. Losing access to a digital library is bad enough, but losing money is even worse.
Source: WCCFTech, ResetEra, Numerama



