Journalist reports critical PlayStation vulnerability allowing account hijacking even with 2FA

Sony’s customer support has come under fire for startling negligence, with agents reportedly bypassing security protocols to hand over account access to unauthorized individuals without basic verification.

Nicolas Lellouche, a journalist at the French publication Numerama, recently shared his ordeal after his PlayStation Network account was compromised. Despite having robust security measures in place—including passkeys and two-factor authentication (2FA)—an attacker managed to hijack his profile twice in a short span, altering credentials and making fraudulent purchases using linked payment methods.

The incident, which began on December 22, took an unusual turn when Lellouche managed to regain access through support, only to lose it again almost immediately. In a surprising development, the journalist successfully contacted the hacker, who candidly revealed the methodology behind the breach.

The vulnerability lies within Sony’s own account recovery process. According to the perpetrator, an attacker only needs one specific detail: a transaction ID found on old screenshots of PlayStation Store purchases. By presenting this single piece of information, hackers can convince support staff to disable all existing security layers and transfer the account to a new email address. Lellouche’s account was specifically targeted due to a years-old screenshot he had previously posted online.

Reports suggest that bad actors are actively scraping the web for similar images to facilitate mass account takeovers, often leaving the original owners with no recourse to reclaim their digital property.

Lellouche expressed deep frustration with the perceived apathy of Sony’s support team, noting that agents frequently surrender sensitive account control to total strangers without asking even the most fundamental follow-up questions.

Source: iXBT.games