• Hey Guest. Check out your NeoGAF Wrapped 2025 results here!

Colin Moriarty had his PSN account hacked. Apparently prominent PSN users are being targeted.

Kotaro

Thread 'Shuhei Yoshida is visiting PlayStation Japan headquarter 0_o'

:messenger_open_mouth: :messenger_open_mouth: :messenger_open_mouth: ....What does it mean????

  • Like
  • Fire
  • Praise the Sun
  • LOL


GIF by NETFLIX
 
Someone mentioned setting up a passkey and I think that's a good idea because that means they would literally need to have the physical device or your own face to scan to get into the account. Which would be far more difficult. Which means if his account got hacked again, it would all but confirm it's someone inside PSN doing this. They'd be the only ones with a workaround for a passkey because they can just alter account info directly.
 
Last edited:
Shifty1897 said:
It's been rumored for years that someone on the inside at PlayStation (support?) is selling access to accounts for cash. They can flip off your 2FA and reset your password and change the email address associated with the account.
Click to expand...

Probably someone in India. That's where most of these scammers come from.
 
Jinzo Prime said:
Didn't he get persona non grata-ed by other journalists and Era-type people? I'm not sure California Playstation is going to help him at all.
Click to expand...

Yeah. But in recent months he has commented about how Playstation PR is talking to him again, and he has always been on friendly terms with people like Neil Druckmann (even had him on the channel for a Sony approved interview a few months ago).
Also he still has 150k followers on Twitter and hosts one of the better known and more popular Playstation themed podcasts.

The random low level customer service employee might not care, but this will eventually reach someone who will realize that not helping him get his account back will do more harm than good to PR.
 
"1.) I wasn't phished, didn't click on any links, didn't randomly put my password somewhere, etc. I am completely positive of this."

Maybe he was exposed to a zero-click attack. Your credentials don't necessarily have to be stolen through sophisticated phishing. Just a consideration, but he might want to check which version of his browser he's using.
 
PauloRoberto said:
Because that's the typical behavior of a attention whore.
Click to expand...

WTF…?

Quick story time: Late November, early December 2012, my original Xbox Live account that I had made when XBL launched back in 2002 was hacked. Because it was the holidays and I was busy, I hadn't been online in a while and only found out my account was hacked when I got a Notice of Enforcement email banning my account for "tampering". I spent three different days doing the run around with Xbox support, and their "investigation" admitted my account was hacked and being used thousands of miles away. But they refused to reinstate the account. Per policy, they claimed, the ban was final.

I was absolutely livid and that was the days before large digital libraries were the norm. I can understand Colin being extremely pissed off. When I lost my Xbox Live account, the most I lost was some DLC and Xbox Live Arcade licenses and 62k gamerscore - a tiny fraction of what Colin stands to lose - and that made me angry enough that I pivoted exclusively to PS3 for the remainder of the generation and got a PS4 before getting an Xbox One.
 
DragoonKain said:
Someone mentioned setting up a passkey and I think that's a good idea because that means they would literally need to have the physical device or your own face to scan to get into the account. Which would be far more difficult. Which means if his account got hacked again, it would all but confirm it's someone inside PSN doing this. They'd be the only ones with a workaround for a passkey because they can just alter account info directly.
Click to expand...
Not with current AI tech it wouldn't.
 
DragoonKain said:
Someone mentioned setting up a passkey and I think that's a good idea because that means they would literally need to have the physical device or your own face to scan to get into the account. Which would be far more difficult. Which means if his account got hacked again, it would all but confirm it's someone inside PSN doing this. They'd be the only ones with a workaround for a passkey because they can just alter account info directly.
Click to expand...
I'm not so sure. Apparently they are using transaction IDs from past purchases to get into accounts. So then support will disable all the things on their end to get you back in.
 
Elios83 said:
How do they get his account hacked with 2FA?
Should be really hard to do it.
Social engineering with the customer support?
Phishing login page in an email?
Or was he hacked on PC or non PlayStation platform and they logged in using cookies?
It's not common stuff anyway.
Click to expand...
Lel. Depending on the type, 2FA isn't hard to breach. Its just a slight inconvenience.

LordCBH said:
Depends. Pretty sure they'd also need access to the physical device the passkey was setup to use (like the users phone, for instance.). Could be mistaken, but all my passkeys want my phone.
Click to expand...
I was specifically referring to that of facial scanning. There are methods to bypass that mechanism. Some recent ways include the usage of AI to mimic facial features.

Regarding passkeys... maybe. Depends on how you store them.
 
Last edited:
From a few days ago:

respawnfirst.com

Sony Still Hasn’t Fixed the Security Issue That Lets Hackers Hijack PlayStation Accounts Through Customer Support

More account hacks are reported via Sony's Customer Support. The security Issue is still not resolved 5 months after it was first reported
respawnfirst.com respawnfirst.com

Six months after it was first reported, a major PSN security issue is still causing account takeovers. French tech journalist Nicolas Lellouche has had his PlayStation Network (PSN) account compromised again, revealing an ongoing unpatched security vulnerability in Sony's account recovery process that puts gamers' library at risk 5 months after it was first reported.



Lellouche, who writes for Numerama, shared the latest incident on X (formerly Twitter) on May 13, 2026, writing in French: "You remember the hacking of my PlayStation account that went around the world and that Sony still hasn't fixed? I got hacked again last night. Here we go again. (Don't buy digital games!)" He attached a screenshot of an email confirming a sign-in ID change on his account.

The core issue is how PlayStation support is verifying account ownership during recovery process. Hackers, or anyone else with the right details such as past purchase information, can gain full access to your PlayStation account; including changing the associated email, password, and disabling security features.

The hacker is also able to bypass 2FA setups so there is literally no stopping a full account takeover, and with help from PlayStation Customer support nonetheless.

All a hacker needs are your transaction IDs and PlayStation support will consider them as some sort of master keys to your account.

Lellouche's initial hack in December 2025 stemmed from an old screenshot he had publicly shared online years earlier, which contained a visible transaction ID. The hacker used it to seize the account, make unauthorized purchases, and lock out the legitimate owner. After Lellouche regained access with Sony's help, the attacker struck again shortly afterward.

After the first hack, Sony did place a "high-risk" protection flag on Lellouche's account. However, it seems the high-risk protection flag had expired since December, when the initial hack happened.

The flaw in Sony's PlayStation account security should be a concern for every account holder. Anyone, who posted about their online purchases on social media platforms are at risk of getting their accounts hacked. With account you lose access to your entire library as well. Because games are tied to the account rather than the hardware, a successful takeover can result in permanent loss of access if the legitimate owner cannot prove ownership to Sony's satisfaction.

It is recommended not to purchase games via PlayStation Store until the issue remains. Sony has not issued a public statement regarding the security flaw. Not long ago, Steam had a similar issue, but the company changed its account recovery policy. For the time being, here's how you can protect yourself from getting hacked:

  • Avoid sharing screenshots or details of purchase confirmations, invoices, or transaction numbers.
  • Be cautious with any public posts that might reveal your PSN username alongside purchase history.
  • Monitor account emails and activity closely.
 
kruis said:
From a few days ago:

respawnfirst.com

Sony Still Hasn’t Fixed the Security Issue That Lets Hackers Hijack PlayStation Accounts Through Customer Support

More account hacks are reported via Sony's Customer Support. The security Issue is still not resolved 5 months after it was first reported
respawnfirst.com respawnfirst.com

Six months after it was first reported, a major PSN security issue is still causing account takeovers. French tech journalist Nicolas Lellouche has had his PlayStation Network (PSN) account compromised again, revealing an ongoing unpatched security vulnerability in Sony's account recovery process that puts gamers' library at risk 5 months after it was first reported.



Lellouche, who writes for Numerama, shared the latest incident on X (formerly Twitter) on May 13, 2026, writing in French: "You remember the hacking of my PlayStation account that went around the world and that Sony still hasn't fixed? I got hacked again last night. Here we go again. (Don't buy digital games!)" He attached a screenshot of an email confirming a sign-in ID change on his account.

The core issue is how PlayStation support is verifying account ownership during recovery process. Hackers, or anyone else with the right details such as past purchase information, can gain full access to your PlayStation account; including changing the associated email, password, and disabling security features.

The hacker is also able to bypass 2FA setups so there is literally no stopping a full account takeover, and with help from PlayStation Customer support nonetheless.

All a hacker needs are your transaction IDs and PlayStation support will consider them as some sort of master keys to your account.

Lellouche's initial hack in December 2025 stemmed from an old screenshot he had publicly shared online years earlier, which contained a visible transaction ID. The hacker used it to seize the account, make unauthorized purchases, and lock out the legitimate owner. After Lellouche regained access with Sony's help, the attacker struck again shortly afterward.

After the first hack, Sony did place a "high-risk" protection flag on Lellouche's account. However, it seems the high-risk protection flag had expired since December, when the initial hack happened.

The flaw in Sony's PlayStation account security should be a concern for every account holder. Anyone, who posted about their online purchases on social media platforms are at risk of getting their accounts hacked. With account you lose access to your entire library as well. Because games are tied to the account rather than the hardware, a successful takeover can result in permanent loss of access if the legitimate owner cannot prove ownership to Sony's satisfaction.

It is recommended not to purchase games via PlayStation Store until the issue remains. Sony has not issued a public statement regarding the security flaw. Not long ago, Steam had a similar issue, but the company changed its account recovery policy. For the time being, here's how you can protect yourself from getting hacked:

  • Avoid sharing screenshots or details of purchase confirmations, invoices, or transaction numbers.
  • Be cautious with any public posts that might reveal your PSN username alongside purchase history.
  • Monitor account emails and activity closely.
Click to expand...





We better get some free games out of this shit.
 
kruis said:
From a few days ago:

respawnfirst.com

Sony Still Hasn’t Fixed the Security Issue That Lets Hackers Hijack PlayStation Accounts Through Customer Support

More account hacks are reported via Sony's Customer Support. The security Issue is still not resolved 5 months after it was first reported
respawnfirst.com respawnfirst.com

Six months after it was first reported, a major PSN security issue is still causing account takeovers. French tech journalist Nicolas Lellouche has had his PlayStation Network (PSN) account compromised again, revealing an ongoing unpatched security vulnerability in Sony's account recovery process that puts gamers' library at risk 5 months after it was first reported.



Lellouche, who writes for Numerama, shared the latest incident on X (formerly Twitter) on May 13, 2026, writing in French: "You remember the hacking of my PlayStation account that went around the world and that Sony still hasn't fixed? I got hacked again last night. Here we go again. (Don't buy digital games!)" He attached a screenshot of an email confirming a sign-in ID change on his account.

The core issue is how PlayStation support is verifying account ownership during recovery process. Hackers, or anyone else with the right details such as past purchase information, can gain full access to your PlayStation account; including changing the associated email, password, and disabling security features.

The hacker is also able to bypass 2FA setups so there is literally no stopping a full account takeover, and with help from PlayStation Customer support nonetheless.

All a hacker needs are your transaction IDs and PlayStation support will consider them as some sort of master keys to your account.

Lellouche's initial hack in December 2025 stemmed from an old screenshot he had publicly shared online years earlier, which contained a visible transaction ID. The hacker used it to seize the account, make unauthorized purchases, and lock out the legitimate owner. After Lellouche regained access with Sony's help, the attacker struck again shortly afterward.

After the first hack, Sony did place a "high-risk" protection flag on Lellouche's account. However, it seems the high-risk protection flag had expired since December, when the initial hack happened.

The flaw in Sony's PlayStation account security should be a concern for every account holder. Anyone, who posted about their online purchases on social media platforms are at risk of getting their accounts hacked. With account you lose access to your entire library as well. Because games are tied to the account rather than the hardware, a successful takeover can result in permanent loss of access if the legitimate owner cannot prove ownership to Sony's satisfaction.

It is recommended not to purchase games via PlayStation Store until the issue remains. Sony has not issued a public statement regarding the security flaw. Not long ago, Steam had a similar issue, but the company changed its account recovery policy. For the time being, here's how you can protect yourself from getting hacked:

  • Avoid sharing screenshots or details of purchase confirmations, invoices, or transaction numbers.
  • Be cautious with any public posts that might reveal your PSN username alongside purchase history.
  • Monitor account emails and activity closely.
Click to expand...

Surprised to hear Steam had the same issue at one point.

This weeks podcast should be interesting.
 
Last edited:
LordCBH said:
A stark reminder: Enable passkeys on your account.
Click to expand...
I must be out of touch. Why are passkeys more secure than 2 factor? Honest question, because I've been ignoring some platforms asking me to switch to them, and maybe I should start setting them up

Not that it matters a huge amount since Steam doesn't support passkeys, but still
 
Last edited:
Fbh said:
KFZ7WB1NP11hid7k.jpg


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."
Click to expand...
Even a Playstation mouthpiece like Colin got this treatment, if it was a regular customer Jim Ryan would probably come to their house and kick their dog.
 
Elios83 said:
How do they get his account hacked with 2FA?
Should be really hard to do it.
Social engineering with the customer support?
Phishing login page in an email?
Or was he hacked on PC or non PlayStation platform and they logged in using cookies?
It's not common stuff anyway.
Click to expand...
Probably customer service social engineering attack. Could also be an insider at PS support.
 
Last edited:
Remember when Sony took PSN offline for nearly a month and nobody could play online or even sign into their accounts for the duration? Sony have been a joke in this area even before they were in full arrogant mode; I don't see how anyone trusts them enough to build a digital library or even do something as simple as keeping your saved payment info secure.
 
Fbh said:
KFZ7WB1NP11hid7k.jpg


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."
Click to expand...

and that's why an all digital console should never be a viable option for anyone to buy.

a closed system with 1 store + digital only access is absolute bullshit.
 
Fbh said:
KFZ7WB1NP11hid7k.jpg


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."
Click to expand...
Incident response isn't some minor task. They might be in the phase of investigating their infrastructure and figuring out the measures to mitigate the causation.

If this affected Colin, it could potentially affect millions of users.
 
Last edited:
At the time this happened, my email started getting spammed with hundreds of random emails from all sorts of sources (SubStack, EA, AliExpress, Slack... shit I'm not even signed up for).
Click to expand...
This is called a mail bomb attack, and it's used (usually with great effectiveness) by hackers when they gain access to one of your online accounts but do not have access to the email associated with that account. The idea is that they have bots / automated scripts that sign you up for all kinds of newsletters and various other email marketing subscriptions that are known to send "welcome" letters to new subscribers. Probably got a ton of "thanks for signing up to our random website, here is 5% off your first purchase" that sort of thing. By nature of the attack, most of these will be from different subscription services so you can't just quickly search for a certain vendor and push "delete all".

The idea is that the bad actors kick off these scripts right before they do something legitimate with the compromised account that would otherwise alert the original account owner. You start getting a flood of garbage in your inbox, and right in the middle of it is something like "thanks for your purchase" or "you just changed your email address on file, we're just writing to let you know". When you have thousands of emails hit your mailbox, most people are going to start deleting stuff in bulk and will usually miss the legitimate email hidden in all the trash.

The important thing to do in this case is to not delete the messages, but to actually evaluate them individually to find the legitimate ones.


I had this happen to me a few years ago where someone gained access to my Amazon account despite me having a passkey, 2FA, and a 64 digit password. They used my on-file credit card to purchase an RTX4090 and have it shipped to a random address in Ohio. Thankfully I work in cybersecurity and recognized the attack right away, and was able to find the Amazon email within about 60 seconds of it hitting my inbox. Contacted Amazon support right away, and they were able to cancel the order and reverse the charges. Filed a police report that got escalated to the FBI because it crossed state lines and exceeded $1,000. During the course of their investigation they found that my account was indeed compromised by someone simply claiming to be me (provided my name and address) to a low-level Amazon support agent who helped them place the order over the phone without even needing to sign in to my account. They were either dumb or confident, as the address they had put as the delivery address on the order turned out to actually be their home address.
 
Jinzo Prime said:
Even on PC, I don't use Steam exclusively.
Click to expand...

and even if you did, you could probably crack your downloaded/bought games if something like this happened to you, without having to jump through 20 hoops to jailbreak your PC first.

on PC, the moment a service provider fucks you over, you can just give them the middle finger right back. on a closed system that's basically impossible.
 
If it's really someone from the inside then I guess this is what happens when you hire the world's biggest scammers, aka Canadians, to be your fucking Support.

On a similar note, for the past few years, every single time I order something and the delivery is from Purolator, I somehow get a phising text talking about my order is being held. Some piece of shit on the inside is feeding info.
 
Last edited:
Hypereides said:
Incident response isn't some minor task. They might be in the phase of investigating their infrastructure and figuring out the measures to mitigate the causation.

If this affected Colin, it could potentially affect millions of users.
Click to expand...
I do agree with this. Also when you do a root cause analysis for something like this the response could have potential legal implications so a lot of time is spent by engineering to make sure they identify exactly what happened and then PR and legal take even longer spinning it into an official statement.
 
Last edited:
I mean the idea they couldn't lock the account whilst they investigtae is insane, don't they do it at the drop of hat if someone does a charge back?
 
Fbh said:
KFZ7WB1NP11hid7k.jpg


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."
Click to expand...
Insane that the turn around time is that long.

Scary to think that this can happen to anyone even after changing password and 2fa.
 
Bojji said:
So he only uses PS consoles?
Click to expand...
I mean likely, but also remember he's likely all digital and built a collection on PS4. If my 20+ year old steam account was hijacked and I couldn't get of back I'm sorry but I'm absolutely not starting over - I'd call it a day and move on, maybe buy a SNES or something
 
Last edited:
uncreativename said:
I must be out of touch. Why are passkeys more secure than 2 factor? Honest question, because I've been ignoring some platforms asking me to switch to them, and maybe I should start setting them up

Not that it matters a huge amount since Steam doesn't support passkeys, but still
Click to expand...
TLDR they should be immune to sim swapping and 2FA bypasses like this.
 
DragoonKain said:
Behavior? He's spent thousands of hours of his life building up trophies and a lot of your purchased DLC, games, save data is tied to it. I think it's perfectly reasonable to be so frustrated with a company to essentially say "Fuck you, I'm done with you" if they can't help him out here, when they should be able to very easily.
Click to expand...
I get all this, but I don't get quitting gaming and podcasting over it, that's the part that makes him seem like an impetuous child. I've had my accounts hacked, and man it was a pain in the ass to get em back, but I would never say I'm quitting a hobby over such a thing, as it just comes off very boyish.
 
poodaddy said:
but I would never say I'm quitting a hobby over such a thing
Click to expand...
Its way more than a hobby for him, this is his business. He has branched out into game development indi style though. I wouldn't have thought it had enough traction yet to let him drop Last Stand Media.

Basically I'd just take it as a knee jerk, WTF reaction to the hack. Childish? maybe but if you put yourself in his shoes you might have a head just about ready to explode.
 
Last edited:
Ashamam said:
Its way more than a hobby for him, this is his business. He has branched out into game development indi style though. I wouldn't have thought it had enough traction yet to let him drop Last Stand Media.

Basically I'd just take it as a knee jerk, WTF reaction to the hack. Childish? maybe but if you put yourself in his shoes you might have a head just about ready to explode.
Click to expand...
I get what you're saying, we say weird stuff when we're emotional. I'm sure it'll all work out for him though, he's got a lot of pull and public notoriety, so I'm sure he'll be able to get Sony to pay attention.
 
Kerotan said:
Petition to Sony not to help him out?
Click to expand...
Why? Colin might not be everyone's cup of tea, but he is way better than the likes of Jez or Destin. More than happy to throw shade at Sony where he feels its deserved, definitely not a mouthpiece. Independent is definitely how I perceive him, although I could come up with less flattering descriptors as well.
 
Last edited:
You must log in or register to reply here.

Similar threads

[Insider Gaming]: Sony PlayStation Accounts Are Reportedly Being Hacked With Ease
2
53
71
DenchDeckard replied
Uhhh… where are the psn deals?
2
57
363
Platinumstorm replied
Hasan Kahraman was spotted playing Abandoned: Gospels of Blood on his PSN profile
38
601
MudoSkills replied
Uncharted 4 10th anniversary PSN avatars
Community 
41
181
Agent X replied
Colin finally got to interview Alyssa
40
41
BigBeauford replied
Top Bottom