A new security breach worries PlayStation players. According to a recent survey, PSN accounts can be hacked very easily. What exactly do we know?
This is worrying information to say the least that has been circulating for several days. Accounts PSN can be hacked even when two-factor authentication (2FA) and a passkey are activated. In question, a flaw linked to account recovery procedures, which would allow third parties to take control of an account by contacting support directly PlayStation. What is really happening?
A big problem on PSN
The alert comes from an article published by Numeramafrom the pen of journalist Nicolas Lellouche. The latter tells how his own PSN account, although protected by a passkey, was compromised. The hacker managed to change the email address, password, and even make purchases via an associated payment method. Even more worrying, the journalist managed to recover his account with the help of PlayStation support… before having it hacked a second time, in the same way.
According to the reported exchanges, the problem does not come from classic PlayStation security systems, but how Sony verifies the identity of the owner of a PSN account when contacting support. In this specific case, the hacker only needed two elements, namely the account nickname and a transaction number, visible on a screenshot published online several years ago. With this information alone, support would have validated the request and transferred access to the PSN account. Other methods also seem accepted, such as the last digits of a bank card or the serial number of a console, without verifying the name, date of birth or a secret question.
Cases far from isolated
Following the publication of this survey on PSN, several users shared similar experiences. Some explain having lost their account permanently, despite multiple attempts to recover it. This type of hacking is not new.
In the past, well-known figures in the PlayStation community have been affected. Trophy hunter Hakoom had already publicly spoken about a comparable situation, as had dav1d_123, former world number one, whose account was put up for sale after a data theft. At this time, Sony Interactive Entertainment has not officially communicated about this flaw or announced a fix. While awaiting a possible update of internal procedures, caution remains in order. It is strongly recommended to avoid any publication containing information related to a PSN account, even old or considered innocuous.
Source : Numerama
