PlayStation Network Breach Exposes Potential Account Recovery Vulnerability
A recent hacking incident involving a French technology journalist has raised fresh concerns about the security of PlayStation Network (PSN) accounts, after an alleged flaw allowed access despite two-factor authentication being enabled.
The case, first reported by French outlet Numerama, details how the journalist’s PSN account was compromised, with the attacker changing the registered email address and making an unauthorised €9.99 charge linked to a username change. Although the account was initially recovered through Sony’s customer support, it was reportedly breached again less than an hour later.
According to the report, the first recovery call required surprisingly limited information. The journalist said PlayStation support asked only for his PSN username and a transaction reference number from an old invoice, regardless of how far back the purchase dated. Shortly after regaining access, the account was compromised once more.
Unable to immediately reach Sony’s support team a second time, the journalist contacted the hacker directly via messages sent from a newly created PSN account. The attacker allegedly confirmed that the account had been accessed using a transaction number the journalist had previously published online in an old article, suggesting that such details could be exploited during the recovery process.
The hacker also claimed to have built software capable of interacting with Sony’s systems, though this assertion has not been independently verified.
When the journalist later reconnected with PlayStation support, he was asked more extensive verification questions, including his date of birth, original email address and first username associated with the account. His case is currently under review, with the account reportedly suspended while Sony conducts further checks, a process expected to take between five and ten days.
The incident has renewed scrutiny of PSN’s account recovery procedures, particularly as many users have reported repeated account takeovers even after successful recoveries. Sony has yet to publicly comment on the specific allegations raised in the report.
