A journalist says a PlayStation Network flaw let attackers hijack his PSN account despite 2FA and a passkey. Is this wider? How to stay safe. Sony silent.
© E. Vartanyan
A storm is brewing around PlayStation Network’s security. Numerama journalist Nicolas Lellouche says his PSN account was taken over despite two-factor authentication and a passkey being enabled. The intruder, he reports, changed the email and password and spent funds from the linked payment method.
The situation escalated after Lellouche regained access through PlayStation support, only to lose the account again shortly after. He then exchanged messages with the attacker, who, according to his account, described the technique in detail. The method allegedly relies on a critical weakness in Sony’s security systems that makes it possible to seize an account knowing only the email address. He suggests the perpetrators may be leveraging some internal tools, which, if true, would make the issue particularly serious.
Lellouche believes he was targeted because of an old screenshot he had posted online that showed the linked email. Attackers, he says, actively search for such images to hijack accounts and even block owners from restoring access through official support channels.
There are no firm conclusions yet: Lellouche plans to publish a deeper investigation later. It remains unclear whether this is an isolated case or a broader problem that could affect more PSN users. Sony has yet to comment. Until there’s clarity, users are advised to share as few personal details as possible and, where feasible, rely on prepaid cards for purchases to limit potential losses. Even if the worst fears don’t pan out, this episode is a reminder that a single exposed email can become a costly weak link.