[Update - May 13, 2026 - 7:00 am] In the promised follow-up report, Numerama's Nicolas Lellouche confirmed that the fatal security flaw with Sony's security systems lies in how account ownership is verified, a problem that still hasn't been fixed 6 months after the initial reporting.
Hackers managed to take over the journalist's PlayStation Network account twice using a transaction number, which was requested as proof of account ownership and which was obtained via a screenshot shared by the account's owner. The procedure is obviously flawed, not only because no other data was requested as proof of ownership, but also because three consecutive requests related to the same account did not raise suspicion.
Hopefully, now that the issue has been raised, Sony will improve their support procedures to prevent yet another case of social engineering from becoming a massive security risk for users.
Original story follows.
[Original Story] PlayStation and security: a match made in hell. Following the major PlayStation Network crash of 2011, which brought the network down for 23 days, users often encountered various issues, including account security concerns and prolonged downtime, sometimes caused by DDoS attacks.
Judging from a new report, however, all of these may pale in comparison to the possibility of an account being hacked even with every security measure in place, including 2FA and a passkey.
Yesterday, Nicolas Lellouche, tech journalist at French publication Numerama, reported on X that their PlayStation Network account, protected with a passkey, had been hacked: an unknown user was able to change the associated email and password, and even spend money from a linked payment method.
The story took a bizarre turn after Lellouche initially recovered the account through PlayStation Support, only for the hacker to seize control a second time. In an ironic twist, Lellouche spent the evening communicating with the hacker, who reportedly detailed how their method bypasses modern security measures.
While Nicolas Lellouche has promised an in-depth follow-up to this story (which will be added to this post once it is live), he summarized what happened in a now-deleted message on X, which has been saved by ResetERA forums member Arubedo. Reportedly, the hacker is taking advantage of "a fatal security flaw with Sony's security systems" to hack PlayStation Network accounts, requiring only the associated email address, as they are apparently using internal tools. This, if true, is likely the core of the issue, as knowing a public email address shouldn't normally constitute a security risk.
Ultimately, their account was targeted because a screenshot showing the email address associated with the account had been shared online in the past, and hackers are reportedly "collecting screenshots of that type to take over accounts and making sure the owners never manage to get them back."
Without the follow-up report and a final confirmation of a potential massive issue, there's no way to know if all PlayStation Network accounts are genuinely at risk. For the time being, the basic security measures remain the best: avoid sharing personal information online and use prepaid cards whenever possible to make purchases on any digital store. Losing access to a digital library is bad, but having money stolen is considerably worse.
