A serious PlayStation Network account security issue may still not be fixed, months after it was first reported.
Back in December 2025, reports claimed that PSN accounts could be taken over even when two factor authentication and passkeys were enabled. The problem was not with those security tools directly. The issue was reportedly with PlayStation support’s account recovery process.
According to the report, attackers may only need a transaction number to convince support they own an account. If true, that would let them bypass normal login protections and take control through customer service instead.
The same journalist who originally reported the issue, Numerama’s Nicolas Lellouche, says his PlayStation account has now been hacked again. That is worrying because Sony had reportedly marked the account as high risk, with a note telling customer service not to intervene. That protection appears to have failed or expired after about six months.
Lellouche says the new incident does not look like the same attacker returning. The intruder reportedly did not change the account ID and played different games, which suggests the weakness may still be easy for others to exploit.
Here is the reported situation:
| Issue | Details |
|---|---|
| Platform | PlayStation Network |
| First widely reported | December 2025 |
| Security tools bypassed | 2FA and passkeys, through support recovery |
| Reported weak point | Account ownership verification via transaction number |
| Current status | Reportedly still unresolved |
| Latest incident | Original reporter says his account was hacked again |
The real concern is that digital security becomes less useful if the recovery process is weak. A strong password, 2FA, and passkeys can protect your login, but they cannot fully protect your account if someone can persuade support to change the email or disable access keys.
That is especially serious for PlayStation users because accounts can contain years of purchases, subscriptions, saves, trophies, and online identities. Losing access can mean losing an entire digital library.

Until Sony changes its support process, the safest advice is to avoid sharing anything that could prove purchase history or account ownership. That includes screenshots of receipts, transaction numbers, order confirmations, support chats, or anything showing purchase details.
Basic account security still matters. Users should keep 2FA or passkeys enabled, use a strong unique password, and avoid reusing email passwords. But this report shows that normal security steps may not be enough if account recovery can be abused.
Sony needs to address this at the support level. Recovery requests should require stronger verification than a transaction number, especially when the request involves changing an email, removing passkeys, or disabling the original owner’s access.
For now, PlayStation users should be careful with purchase information. Even small transaction details may be more sensitive than they look.



Discussion (0)
Be the first to comment.