• Hey Guest. Check out your NeoGAF Wrapped 2025 results here!

Colin Moriarty had his PSN account hacked. Apparently prominent PSN users are being targeted.

Ffs 2FA should be enough for you to feel secure, assuming you've done nothing out of the ordinary to compromise your account. Sony needs to have a thorough investigation why is this happening and how to stop it from happening again. The fact it's happened to a 'celebrity' is a actually a good thing, because it will place a big spotlight on them.
 
poodaddy said:
I get all this, but I don't get quitting gaming and podcasting over it, that's the part that makes him seem like an impetuous child. I've had my accounts hacked, and man it was a pain in the ass to get em back, but I would never say I'm quitting a hobby over such a thing, as it just comes off very boyish.
Click to expand...
But is he's all digital like he's implied that means starting over from step 1 and sure, he could buy it back but why? Like I said if my steam account was hijacked I'm just throwing it up in the air and moving on.
 
xrnzaaas said:
Ffs 2FA should be enough for you to feel secure, assuming you've done nothing out of the ordinary to compromise your account. Sony needs to have a thorough investigation why is this happening and how to stop it from happening again. The fact it's happened to a 'celebrity' is a actually a good thing, because it will place a big spotlight on them.
Click to expand...
Playstation's 2FA has always been dogshit, it's literally never worked. If someone wants your account and has enough information it does nothing.
 
Puscifer said:
But is he's all digital like he's implied that means starting over from step 1 and sure, he could buy it back but why? Like I said if my steam account was hijacked I'm just throwing it up in the air and moving on.
Click to expand...
I understand, I suppose I just don't think someone was ever that invested in a hobby if this is all it took to lose their passion for it.

I once had my GoG account hacked, before they had 2 factor or anything, and it was by someone in Russia, so I literally had to get on the phone with Russian authorities, (that went absolutely nowhere as you might imagine), and CDP in Poland, this was probably around 2012 or 2013, and man it took over a month to get my account back, and that's literally my favorite of all my accounts. Still though, I love this hobby, and I don't think there's any inconvenience that could make me say "I'm out" ......aside from the fact that I have no time to game these days lol, but the will is there! ;)
 
Ashamam said:
Its way more than a hobby for him, this is his business. He has branched out into game development indi style though. I wouldn't have thought it had enough traction yet to let him drop Last Stand Media.

Basically I'd just take it as a knee jerk, WTF reaction to the hack. Childish? maybe but if you put yourself in his shoes you might have a head just about ready to explode.
Click to expand...

He is a multi-millionaire, he can fuck off whenever he pleases. As a high level senior editor at IGN he was probably making like 150K/yr+ for several years before he quit. He sold his stake in Kinda Funny when his Everybody Loves Raymond sitcom joke got him canceled (for probably $1 or $2 million or more) and Last Stand been bringing in, on average, probably over a million dollars a year for nearly 10 years. Meaning his personal compensation has likely been $200k - $400k+/year for nearly 10 years. He no doubt has several million dollars liquid invested and compounding, he has no need to work.
 
Last edited:
This Is Great I Love It GIF by Kinda Funny
 
Ashamam said:
Why? Colin might not be everyone's cup of tea, but he is way better than the likes of Jez or Destin. More than happy to throw shade at Sony where he feels its deserved, definitely not a mouthpiece. Independent is definitely how I perceive him, although I could come up with less flattering descriptors as well.
Click to expand...
It's just a joke.
 
My youngest son got suckered by a dude posing as Steam Support into giving his Steam credentials and the guy tried to extort me. Got on with Steam Support and they put a boot up the scammers ass and got our account back in just a few hours.
 
poodaddy said:
I get all this, but I don't get quitting gaming and podcasting over it, that's the part that makes him seem like an impetuous child. I've had my accounts hacked, and man it was a pain in the ass to get em back, but I would never say I'm quitting a hobby over such a thing, as it just comes off very boyish.
Click to expand...

It's more of an inside joke within the LSM community. He and Dustin would often times go back and forth about digital vs physical. Dustin is on the phyiscal train and Colin all digital. Colin would always say sarcastically that if he lost his digital library and trophies, he'll just stop playing video games.
 
I am happy he got his account back. I hope he was able to get an explanation and can maybe go into more details since if this happened to any of us we would not be so lucky. I doubt they gave him any details though.
 
Isn't this the same thing that happen to that guy with all the trophies? This doesn't sound like a hack, it sounds like someone that works for Sony is doing scummy shit. If it is, they really need to be treating people's accounts like a bank account and have dual control setups for employees that have access to do changes on a person's account.
 
Last edited:
2FA + Password isn't secure in this case.

Sony's 2FA is just SMS which is easily spoofed.

Use a passkey.

Seriously, every single account you have that supports passkeys should use that.

proandrad said:
Isn't this the same thing that happen to that guy with all the trophies? This doesn't sound like a hack, it sounds like someone that works for Sony is doing scummy shit.
Click to expand...

"It's an inside job" is just an excuse from people who don't understand what's really happening. Sony's account recovery system has an open exploit where if you have an order number and a PSN username, you can use that to steal the account. Either they posted a screenshot somewhere that had a order number in it, or someone got into their email, but that's how it's happening.

The fact that they told Colin that they "had his information" proves that's the exploit they used.
 
Last edited:
Hypereides said:
Not with current AI tech it wouldn't.
Click to expand...

A passkey requires the physical device (phone). iPhone ones are stored in your iCloud Keychain.

To crack an iPhone passkey you'd need the phone, and the person's face or fingerprint.

AI can't crack an iPhone when it's locked. iPhones use 256-bit AES encryption, and without a quantum computer even AI can't break that.
 
JORMBO said:
Colin had to get in touch with a bunch of his contacts and still has to wait 3 weeks. What hope does a normal person have if this happens to them?
Click to expand...

Best Sony support can do is an AI chatbot which then closes your issue as resolved within 3 minutes of being transferred to a human who doesn't even make it through reading the initial complaint.
 
DragoonKain said:
For the passkey feature do you need to use it every time you turn on your ps5 or only instances where you have to login again?
Click to expand...
Not that I can tell -

What I read was that it's only if you sign out or change a feature like primary console.

Obviously it's all tied to using a QR code on your phone so, unless I misunderstood that, you'd have to have that with you which is what keeps some one from easily stealing it.
 
xrnzaaas said:
Ffs 2FA should be enough for you to feel secure, assuming you've done nothing out of the ordinary to compromise your account. Sony needs to have a thorough investigation why is this happening and how to stop it from happening again. The fact it's happened to a 'celebrity' is a actually a good thing, because it will place a big spotlight on them.
Click to expand...
It sounds like his email might have been hacked based on the fact that he started getting email spam from other sources like EA, Substack, Slack etc. The hacker was likely using his email to sign up for things or to check for accounts linked to that email to compromise. His email was likely the weak link. If you have access to somebody's email you can recover/change password without 2FA. He should change his email password.
 
Amish Death Metal said:
A passkey requires the physical device (phone). iPhone ones are stored in your iCloud Keychain.

To crack an iPhone passkey you'd need the phone, and the person's face or fingerprint.

AI can't crack an iPhone when it's locked. iPhones use 256-bit AES encryption, and without a quantum computer even AI can't break that.
Click to expand...
2FA and Passkeys are both 'uncrackable' and based on cryptographic keys but 2FA is prone to phishing within the timesensitive window of a valid code. He says he wasn't phished though.

Passkeys are secure from phishing because they use linked cryptographic key pairs. So you can't input a code into a fake website. If you're never phished 2FA is just as secure and can't be cracked.
 
You figure if they hacked his email they would've changed his email password too. Only doing that for PSN but not the email if you are in both doesn't make a lot of sense. I think it's either they tricked a customer service rep to give it to them or they had a transaction ID. Maybe Colin let one ID slip at some point or something on one of his streams.

I think the bribing customer service is less likely. Most of these hackers are broke losers they aren't gonna pay to hack random people, it would be a targeted attack for some type of revenge or done to make money in some type of way. It doesn't make any sense to pay money to bribe someone to hack an account just to fuck around on it for a couple hours nor do I think it's likely.
 
Weird he cares more about his trophies than access to his own library, but good thing it got fixed, and hopefully the stink about it will have them improve their security for everyone else.

I almost entirely buy physical on Playstation when possible, but I have a few digital purchases I'd be bummed about losing.
 
Elios83 said:
How do they get his account hacked with 2FA?
Should be really hard to do it.
Social engineering with the customer support?
Phishing login page in an email?
Or was he hacked on PC or non PlayStation platform and they logged in using cookies?
It's not common stuff anyway.
Click to expand...
2FA means jackshit. My Amazon was hacked with it. It's definitely an inside job.
 
Elios83 said:
How do they get his account hacked with 2FA?
Should be really hard to do it.
Social engineering with the customer support?
Phishing login page in an email?
Or was he hacked on PC or non PlayStation platform and they logged in using cookies?
It's not common stuff anyway.
Click to expand...
Who knows. Maybe hackers have a way of spoofing a phone number? When I log into my bank or gmail I get a text message with a 6 digit code in order to get in.
 
Moondoggy said:
Even a Playstation mouthpiece like Colin got this treatment, if it was a regular customer Jim Ryan would probably come to their house and kick their dog.
Click to expand...
This. If a prominent public figure has to wait three weeks just for an update on his account, what chance do you or I have. This on top of that security vulnerability that's been around for six months with no timetable on a fix and it seems to be that Sony just doesn't care at all about their customers. This company is full of clowns.
 
Most logical explanation - a leftist loon that works for PlayStation that thinks Moriaritys left leaning (social) libertarianism is the 4th reich gave the info out
 
I'm super interested in what he has to say about losing and regaining his account. I have Digital library with PlayStation since PS3 launched. The support is abysmal and they are way too strict and I fucking hate it. Hope this lights a fire under their ass.
 
I do think it's notable the hacker DMed Dustin and told him he's next. Colin has a lot of people who work for him at LSM, why only Dustin.

It could be that Dustin happened to be live streaming with him when it happened. I don't know if the hackers used something that they said or did during the stream to get access.

Or it could be that Dustin is viewed as the "1b" to LSM and this was an attack against LSM in general.
 
Last edited:
I was hoping Colin would see the light

Half Life Laughing GIF


Seriously, though. Good on Sony and I'm glad Colin can go on existing.

Like someone else said. It's the smaller people that really get screwed with these things.

Good on Sony for jumping on it, though.
 
DragoonKain said:


He said he had 2FA set up, didn't fall for any phishing thing, didn't click on any random links, changed his password recently, never put his information anywhere else but on his Playstation. He thinks someone inside Sony is giving away account information. He was also warned it would happen two days before by another user who was hacked and the hackers told him they got Colin's account information.

They also messaged Dustin with Colin's account and told him he's next. Colin said if he doesn't get his account back he's retiring from gaming and podcasting(probably just blowing off steam). We'll see if he gets it back.
Click to expand...

He's a relevant Sony guy to me and always will be.
 
The flood of emails is to disguise the one that truly matters, "your password has been changed on xx", in the noise.

If they had access to his email that's the first one that would have changed, avoiding the need for an email bomb.

The horrific one is when your phone suddenly loses service if you've been SIM swapped. They'll be redirecting OTP SMS to their device with your telephone number.

Passkeys help, but if someone gains access to your account using the password then they can remove your passkey. Some accounts, like Microsoft can remove passwords and SMS and just go via passkey which is much better. Google slightly behind unless you have a hardware key, line a ubikey in which case you can enroll in advanced protection.

Do yourself a favour and spend 10 minutes today locking down.

passkeys.directory

Passkeys.directory

A community-driven index of websites, apps, and services that offer signing in with passkeys.
passkeys.directory passkeys.directory
 
People like Colin probably use their business email as the email for their accounts, which basically means that someone wanting to be a bad actor, already has 1 piece of your account information. His name is public too, so there's the other and his birthday also I assume. Then you just factor in some social engineering on low paid customer service reps and they probably got in real easy.

Or someone at Sony Customer Support is literally being a bad actor and selling accounts (which is also probably true).

Didn't that one Playstation Trophy guy get his account taken and never got it back despite Sony knowing who he was and everything?
 
You must log in or register to reply here.

Similar threads

[Insider Gaming]: Sony PlayStation Accounts Are Reportedly Being Hacked With Ease
2
53
69
DenchDeckard replied
Uhhh… where are the psn deals?
2
57
362
Platinumstorm replied
Hasan Kahraman was spotted playing Abandoned: Gospels of Blood on his PSN profile
38
600
MudoSkills replied
Uncharted 4 10th anniversary PSN avatars
Community 
41
181
Agent X replied
Colin finally got to interview Alyssa
24
25
Gp1 replied
Top Bottom