
Colin Moriarty had his PSN account hacked. Apparently prominent PSN users are being targeted.



 
Someone mentioned setting up a passkey and I think that's a good idea because that means they would literally need to have the physical device or your own face to scan to get into the account. Which would be far more difficult. Which means if his account got hacked again, it would all but confirm it's someone inside PSN doing this. They'd be the only ones with a workaround for a passkey because they can just alter account info directly.
 
It's been rumored for years that someone on the inside at PlayStation (support?) is selling access to accounts for cash. They can flip off your 2FA and reset your password and change the email address associated with the account.

Probably someone in India. That's where most of these scammers come from.
 
Didn't he get persona non grata-ed by other journalists and Era-type people? I'm not sure California Playstation is going to help him at all.

Yeah. But in recent months he has commented about how Playstation PR is talking to him again, and he has always been on friendly terms with people like Neil Druckmann (even had him on the channel for a Sony approved interview a few months ago).
Also he still has 150k followers on Twitter and hosts one of the better known and more popular Playstation themed podcasts.

The random low level customer service employee might not care, but this will eventually reach someone who will realize that not helping him get his account back will do more harm than good to PR.
 
"1.) I wasn't phished, didn't click on any links, didn't randomly put my password somewhere, etc. I am completely positive of this."

Maybe he was exposed to a zero-click attack. Your credentials don't necessarily have to be stolen through sophisticated phishing. Just a consideration, but he might want to check which version of his browser he's using.
 
Because that's the typical behavior of an attention whore.

WTF…?

Quick story time: Late November, early December 2012, my original Xbox Live account that I had made when XBL launched back in 2002 was hacked. Because it was the holidays and I was busy, I hadn't been online in a while and only found out my account was hacked when I got a Notice of Enforcement email banning my account for "tampering". I spent three different days doing the run around with Xbox support, and their "investigation" admitted my account was hacked and being used thousands of miles away. But they refused to reinstate the account. Per policy, they claimed, the ban was final.

I was absolutely livid and that was the days before large digital libraries were the norm. I can understand Colin being extremely pissed off. When I lost my Xbox Live account, the most I lost was some DLC and Xbox Live Arcade licenses and 62k gamerscore - a tiny fraction of what Colin stands to lose - and that made me angry enough that I pivoted exclusively to PS3 for the remainder of the generation and got a PS4 before getting an Xbox One.
 
Someone mentioned setting up a passkey and I think that's a good idea because that means they would literally need to have the physical device or your own face to scan to get into the account. Which would be far more difficult. Which means if his account got hacked again, it would all but confirm it's someone inside PSN doing this. They'd be the only ones with a workaround for a passkey because they can just alter account info directly.
Not with current AI tech it wouldn't.
 
Someone mentioned setting up a passkey and I think that's a good idea because that means they would literally need to have the physical device or your own face to scan to get into the account. Which would be far more difficult. Which means if his account got hacked again, it would all but confirm it's someone inside PSN doing this. They'd be the only ones with a workaround for a passkey because they can just alter account info directly.
I'm not so sure. Apparently they are using transaction IDs from past purchases to get into accounts. So then support will disable all the things on their end to get you back in.
 
How do they get his account hacked with 2FA?
Should be really hard to do it.

Social engineering with the customer support?
Phishing login page in an email?
Or was he hacked on PC or non PlayStation platform and they logged in using cookies?
It's not common stuff anyway.
Lel. Depending on the type, 2FA isn't hard to breach. It's just a slight inconvenience.

Depends. Pretty sure they'd also need access to the physical device the passkey was set up to use (like the user's phone, for instance). Could be mistaken, but all my passkeys want my phone.
I was specifically referring to that of facial scanning. There are methods to bypass that mechanism. Some recent ways include the usage of AI to mimic facial features.

Regarding passkeys... maybe. Depends on how you store them.
 
From a few days ago:


Six months after it was first reported, a major PSN security issue is still causing account takeovers. French tech journalist Nicolas Lellouche has had his PlayStation Network (PSN) account compromised again, revealing an ongoing unpatched security vulnerability in Sony's account recovery process that puts gamers' library at risk 5 months after it was first reported.



Lellouche, who writes for Numerama, shared the latest incident on X (formerly Twitter) on May 13, 2026, writing in French: "You remember the hacking of my PlayStation account that went around the world and that Sony still hasn't fixed? I got hacked again last night. Here we go again. (Don't buy digital games!)" He attached a screenshot of an email confirming a sign-in ID change on his account.

The core issue is how PlayStation support is verifying account ownership during the recovery process. Hackers, or anyone else with the right details such as past purchase information, can gain full access to your PlayStation account, including changing the associated email, password, and disabling security features.

The hacker is also able to bypass 2FA setups so there is literally no stopping a full account takeover, and with help from PlayStation Customer support nonetheless.

All a hacker needs are your transaction IDs and PlayStation support will consider them as some sort of master keys to your account.

Lellouche's initial hack in December 2025 stemmed from an old screenshot he had publicly shared online years earlier, which contained a visible transaction ID. The hacker used it to seize the account, make unauthorized purchases, and lock out the legitimate owner. After Lellouche regained access with Sony's help, the attacker struck again shortly afterward.

After the first hack, Sony did place a "high-risk" protection flag on Lellouche's account. However, it seems the high-risk protection flag had expired since December, when the initial hack happened.

The flaw in Sony's PlayStation account security should be a concern for every account holder. Anyone who posted about their online purchases on social media platforms is at risk of getting their account hacked. With the account you lose access to your entire library as well. Because games are tied to the account rather than the hardware, a successful takeover can result in permanent loss of access if the legitimate owner cannot prove ownership to Sony's satisfaction.

It is recommended not to purchase games via PlayStation Store until the issue remains. Sony has not issued a public statement regarding the security flaw. Not long ago, Steam had a similar issue, but the company changed its account recovery policy. For the time being, here's how you can protect yourself from getting hacked:

  • Avoid sharing screenshots or details of purchase confirmations, invoices, or transaction numbers.
  • Be cautious with any public posts that might reveal your PSN username alongside purchase history.
  • Monitor account emails and activity closely.
 
We better get some free games out of this shit.
 

Surprised to hear Steam had the same issue at one point.

This week's podcast should be interesting.
 
A stark reminder: Enable passkeys on your account.
I must be out of touch. Why are passkeys more secure than 2 factor? Honest question, because I've been ignoring some platforms asking me to switch to them, and maybe I should start setting them up

Not that it matters a huge amount since Steam doesn't support passkeys, but still
 


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."
Even a Playstation mouthpiece like Colin got this treatment, if it was a regular customer Jim Ryan would probably come to their house and kick their dog.
 
How do they get his account hacked with 2FA?
Should be really hard to do it.
Social engineering with the customer support?
Phishing login page in an email?
Or was he hacked on PC or non PlayStation platform and they logged in using cookies?
It's not common stuff anyway.
Probably customer service social engineering attack. Could also be an insider at PS support.
 
Remember when Sony took PSN offline for nearly a month and nobody could play online or even sign into their accounts for the duration? Sony have been a joke in this area even before they were in full arrogant mode; I don't see how anyone trusts them enough to build a digital library or even do something as simple as keeping your saved payment info secure.
 


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."

and that's why an all digital console should never be a viable option for anyone to buy.

a closed system with 1 store + digital only access is absolute bullshit.
 


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."
Incident response isn't some minor task. They might be in the phase of investigating their infrastructure and figuring out the measures to mitigate the causation.

If this affected Colin, it could potentially affect millions of users.
 
At the time this happened, my email started getting spammed with hundreds of random emails from all sorts of sources (SubStack, EA, AliExpress, Slack... shit I'm not even signed up for).
This is called a mail bomb attack, and it's used (usually with great effectiveness) by hackers when they gain access to one of your online accounts but do not have access to the email associated with that account. The idea is that they have bots / automated scripts that sign you up for all kinds of newsletters and various other email marketing subscriptions that are known to send "welcome" letters to new subscribers. Probably got a ton of "thanks for signing up to our random website, here is 5% off your first purchase" that sort of thing. By nature of the attack, most of these will be from different subscription services so you can't just quickly search for a certain vendor and push "delete all".

The idea is that the bad actors kick off these scripts right before they do something legitimate with the compromised account that would otherwise alert the original account owner. You start getting a flood of garbage in your inbox, and right in the middle of it is something like "thanks for your purchase" or "you just changed your email address on file, we're just writing to let you know". When you have thousands of emails hit your mailbox, most people are going to start deleting stuff in bulk and will usually miss the legitimate email hidden in all the trash.

The important thing to do in this case is to not delete the messages, but to actually evaluate them individually to find the legitimate ones.


I had this happen to me a few years ago where someone gained access to my Amazon account despite me having a passkey, 2FA, and a 64 digit password. They used my on-file credit card to purchase an RTX4090 and have it shipped to a random address in Ohio. Thankfully I work in cybersecurity and recognized the attack right away, and was able to find the Amazon email within about 60 seconds of it hitting my inbox. Contacted Amazon support right away, and they were able to cancel the order and reverse the charges. Filed a police report that got escalated to the FBI because it crossed state lines and exceeded $1,000. During the course of their investigation they found that my account was indeed compromised by someone simply claiming to be me (provided my name and address) to a low-level Amazon support agent who helped them place the order over the phone without even needing to sign in to my account. They were either dumb or confident, as the address they had put as the delivery address on the order turned out to actually be their home address.
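Added example, not part of the original post: one way to triage an inbox during the mail bomb described above, by detecting the burst of mail from many unrelated senders and surfacing the account or payment notices that arrived around it. The thresholds, subject patterns, and sample messages are assumptions constructed for this illustration.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Subjects announcing an account or payment change (patterns are assumptions of this example).
ALERT_RE = re.compile(
    r"(password|sign-in id|e-?mail address|2-step|two-factor)\b.{0,40}\b(chang|reset|updat|disabl)"
    r"|thank(s| you) for your (purchase|order)|order confirmation",
    re.I,
)

def parse(raw):
    m = message_from_string(raw)
    return {
        "when": parsedate_to_datetime(m["Date"]),
        "domain": parseaddr(m["From"])[1].rpartition("@")[2].lower(),
        "subject": m["Subject"] or "",
        "bulk": m["List-Unsubscribe"] is not None,  # typical of newsletter mail
    }

def find_burst(msgs, window=timedelta(minutes=10), min_msgs=20, min_domains=15):
    """Largest run of mail inside `window` that comes from many unrelated senders."""
    msgs = sorted(msgs, key=lambda m: m["when"])
    best, lo = None, 0
    for hi, m in enumerate(msgs):
        while m["when"] - msgs[lo]["when"] > window:
            lo += 1
        chunk = msgs[lo:hi + 1]
        if len(chunk) >= min_msgs and len({c["domain"] for c in chunk}) >= min_domains:
            if best is None or len(chunk) > len(best):
                best = chunk
    return best

def triage(raws, margin=timedelta(minutes=30)):
    """If a flood is present, list the account/payment notices sent around it."""
    msgs = [parse(r) for r in raws]
    burst = find_burst(msgs)
    if burst is None:
        return {"mail_bomb": False, "review_first": []}
    start, end = burst[0]["when"] - margin, burst[-1]["when"] + margin
    hits = [m for m in msgs if start <= m["when"] <= end and ALERT_RE.search(m["subject"])]
    hits.sort(key=lambda m: (m["bulk"], m["when"]))  # non-newsletter mail first
    return {"mail_bomb": True, "review_first": [(m["domain"], m["subject"]) for m in hits]}

def make(sender, subject, hhmmss, bulk=False):
    """Build one constructed RFC 5322 message for the sample inbox."""
    hdr = f"From: {sender}\nDate: 01 Jan 2024 {hhmmss} +0000\nSubject: {subject}\n"
    if bulk:
        hdr += "List-Unsubscribe: <mailto:unsub@example.invalid>\n"
    return hdr + "\nbody\n"

# Constructed inbox: 40 sign-up mails in four minutes hiding two real notices,
# plus ordinary mail and an old, unrelated password notice from earlier that evening.
SAMPLE = [
    make(f"news@shop{i}.example", f"Welcome to Shop {i}! 5% off your first purchase",
         f"22:{10 + i // 10:02d}:{i % 10 * 6:02d}", bulk=True)
    for i in range(40)
] + [
    make("no-reply@account.example", "Your sign-in ID has been changed", "22:12:03"),
    make("orders@store.example", "Thank you for your purchase", "22:13:30"),
    make("friend@mail.example", "Lunch on Friday?", "22:02:00"),
    make("no-reply@other.example", "Your password was changed", "20:00:00"),
]

if __name__ == "__main__":
    for domain, subject in triage(SAMPLE)["review_first"]:
        print(domain, "|", subject)
```
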
 
Even on PC, I don't use Steam exclusively.

and even if you did, you could probably crack your downloaded/bought games if something like this happened to you, without having to jump through 20 hoops to jailbreak your PC first.

on PC, the moment a service provider fucks you over, you can just give them the middle finger right back. on a closed system that's basically impossible.
 
If it's really someone from the inside then I guess this is what happens when you hire the world's biggest scammers, aka Canadians, to be your fucking Support.

On a similar note, for the past few years, every single time I order something and the delivery is from Purolator, I somehow get a phishing text talking about my order is being held. Some piece of shit on the inside is feeding info.
 
Incident response isn't some minor task. They might be in the phase of investigating their infrastructure and figuring out the measures to mitigate the causation.

If this affected Colin, it could potentially affect millions of users.
I do agree with this. Also when you do a root cause analysis for something like this the response could have potential legal implications so a lot of time is spent by engineering to make sure they identify exactly what happened and then PR and legal take even longer spinning it into an official statement.
 
I mean the idea they couldn't lock the account whilst they investigate is insane, don't they do it at the drop of a hat if someone does a charge back?
 


Sony wants you to go fully digital on Playstation, but then if your account gets hacked they are like
"Yeah maybe we'll do something in 3 weeks, idk, sucks to be you."
Insane that the turn around time is that long.

Scary to think that this can happen to anyone even after changing password and 2fa.
 
So he only uses PS consoles?
I mean likely, but also remember he's likely all digital and built a collection on PS4. If my 20+ year old Steam account was hijacked and I couldn't get it back I'm sorry but I'm absolutely not starting over - I'd call it a day and move on, maybe buy a SNES or something
 
I must be out of touch. Why are passkeys more secure than 2 factor? Honest question, because I've been ignoring some platforms asking me to switch to them, and maybe I should start setting them up

Not that it matters a huge amount since Steam doesn't support passkeys, but still
TLDR they should be immune to sim swapping and 2FA bypasses like this.
 
Behavior? He's spent thousands of hours of his life building up trophies and a lot of your purchased DLC, games, save data is tied to it. I think it's perfectly reasonable to be so frustrated with a company to essentially say "Fuck you, I'm done with you" if they can't help him out here, when they should be able to very easily.
I get all this, but I don't get quitting gaming and podcasting over it, that's the part that makes him seem like an impetuous child. I've had my accounts hacked, and man it was a pain in the ass to get em back, but I would never say I'm quitting a hobby over such a thing, as it just comes off very boyish.
 
but I would never say I'm quitting a hobby over such a thing
It's way more than a hobby for him, this is his business. He has branched out into game development indie style though. I wouldn't have thought it had enough traction yet to let him drop Last Stand Media.

Basically I'd just take it as a knee jerk, WTF reaction to the hack. Childish? maybe but if you put yourself in his shoes you might have a head just about ready to explode.
 
It's way more than a hobby for him, this is his business. He has branched out into game development indie style though. I wouldn't have thought it had enough traction yet to let him drop Last Stand Media.

Basically I'd just take it as a knee jerk, WTF reaction to the hack. Childish? maybe but if you put yourself in his shoes you might have a head just about ready to explode.
I get what you're saying, we say weird stuff when we're emotional. I'm sure it'll all work out for him though, he's got a lot of pull and public notoriety, so I'm sure he'll be able to get Sony to pay attention.
 
Petition to Sony not to help him out?
Why? Colin might not be everyone's cup of tea, but he is way better than the likes of Jez or Destin. More than happy to throw shade at Sony where he feels it's deserved, definitely not a mouthpiece. Independent is definitely how I perceive him, although I could come up with less flattering descriptors as well.
 