PSN Account Security Flaw Allows Social Engineering Attacks Through Sony Customer Support

Players are being warned to protect their email addresses and purchase information after reports claim PSN accounts can be taken over through social engineering and weak support verification.

News by Mymunah Tasnim on  May 24, 2026

An increasing number of PSN account owners seem to be experiencing anxiety about a troubling account security problem following a recent discovery showing how easily it would be to gain access to another person’s account using simple personal details and the cooperation of an account support agent.

Although the incident cannot be termed hacking in the classical sense, as it does not involve any intrusion into Sony's servers or database, many gamers are calling it one of the scariest security threats to the PlayStation network in recent history. The problem seems to have surfaced following the exposure of an attempt to hijack the PlayStation account of a well-known gaming personality, Colin Moriarty.

PSN, Account Security, Social Engineering Attacks, Sony Customer Support

In Moriarty's case, the attack did not involve any email or website phishing, nor did it involve malware or a database.

Rather, all that is involved is some kind of social engineering trickery. This seems to be based on gathering only a small amount of information about the specific account in question. Attackers apparently need only know the PSN username, the email address linked to the account, and either a transaction code or the purchase date from the PlayStation Store.

In some instances, with that information, customer service agents will supposedly validate a request for account recovery or make changes to the account. The frightening thing about all this is that part of the information needed to exploit a customer service agent could very well be found through the user's public online activity.

This includes trophy history, gaming sessions played, streaming sessions, screenshots, and social media posts. In other words, if your history of public trophies indicates that you received trophies for a recently released game on its release day, it is safe to infer that you bought the game on the same day as well.

Regardless of whether an adversary knows whether the game was obtained physically or digitally, they can try to obtain information about it if they catch a customer support employee who accepts the information as proof of purchase. The user named Pork Poncho apparently decided to test the method and got his sister’s permission to do so.

As he claims, he managed to access the PSN account using minimal information.

The names of two video games she had bought and the transaction dates. According to the user, the whole process involved only minimal amounts of cooperation from support. However, the main issue with this problem concerns what happens after a person successfully logs in to the account. Sources say there are no limitations or additional requirements for changes such as switching emails, disabling two-step verification, or removing the passkey.

Once all the above-mentioned changes are made, nothing would prevent the original owner from being permanently blocked from their account. It is a huge threat to many gamers who spend hundreds or even thousands of dollars on PlayStation digital libraries and the achievements and memories associated with their PSN accounts. For some people, a year's worth of online activity may be wiped away in a single move if they fall victim to a cyberattack.

Moriarty claimed he was able to move quickly to resolve the situation himself because of his personal connection to Sony. For the majority of PSN users in such an unfortunate situation, the chances of resolving the problem are extremely slim.

PSN, Account Security, Social Engineering Attacks, Sony Customer Support

However, even scarier was the number of similar situations reported to have occurred among known figures in the PlayStation world. In particular, one of the most significant cases cited involved the trophy hunter Hakoom, who, according to Moriarty, had his account deleted and could never restore it.

Such information was quite shocking, given that Hakoom is known as one of the best trophy hunters on PSN.

A lot of people seem annoyed that an account with several years’ worth of purchases and history can be hacked using a simple glitch on PlayStation support. The sentiment in the community seems to revolve around the inability to believe that something as serious as two-factor authentication, and even a passkey, can be stripped so easily in the span of one PSN support session.

On the other hand, there have also been reports saying that Sony is aware of the problem and may already be investigating it. People say Sony is taking the reports seriously, but the concern remains about how little data is needed to start the hack. In the meantime, there have been calls for players to examine their social media activity and remove any traces of public receipts, confirmations, or screenshots that include the order number or transaction ID.

Small details that may appear irrelevant at first glance could prove helpful to attackers impersonating you. The other big red flag here is the email address used for the PSN account. In light of the reports under discussion, the email address linked to your PSN account might be crucial for the impersonators.

Users have been advised to cease using widely popular email addresses for PSN on their PlayStation consoles.

If the same email has been used to connect your gaming account to your social media, forums, livestreams, and personal profile accounts, it would probably be much easier for others to accumulate enough data to perform an account takeover. Players have started advising using a completely new email address to create their PlayStation Network account.

Though most would agree that such measures need not be implemented in the first place, the advice has become more popular due to the validity of these reports. Overall, this whole experience has left many long-term PSN members feeling frustrated and worried.

The fact that all their trophies and purchases could be lost if someone tricks a support representative into making changes to an account is worrying the gaming community. Although the circumstances do not constitute a breach of the typical security network or a hacker attack on Sony’s system, the players still see it as a major security concern, since the outcome is the same in either case.

If someone changes your account data and locks you out, you risk losing all the items linked to your PSN account, and you cannot easily get them back. Until better safeguards are available, the best advice is to ensure that no one discovers your account information, to keep receipt information private, and to use a unique email address to access the PlayStation Network.

Mymunah Tasnim

Editor, NoobFeed

Related News

No Data.