Major PS5 Security Flaw Puts All Users at Risk

Originally published on: May 24, 2026
Summary

– A social engineering scam targeting PSN accounts exploits sympathetic customer service representatives, requiring only minimal personal details like a username, email, and a transaction date or purchase.
– Hackers can infer this information from publicly available Trophy data or exposed receipts, allowing them to commandeer an account without traditional hacking or phishing.
– Once inside, attackers can change email addresses, disable two-factor authentication, and remove passkeys, locking the original owner out with no easy recourse.
– Prominent figures like Colin Moriarty and Trophy hunter Hakoom have been victims, with Moriarty only recovering quickly due to his connections at Sony.
– The vulnerability affects all PSN users, as accounts contain valuable digital purchases and memories, and Sony has been informed but the flaw remains serious.

A newly uncovered PSN security vulnerability is raising serious alarms across the PlayStation community, and unless Sony strengthens its customer verification procedures, every user could be at risk.

Earlier this week, I reported on how Sacred Symbols host Colin Moriarty nearly lost his PSN account to a social engineering scam. Now, a follow-up podcast revealing the full details has exposed a critical flaw in Sony’s system that could affect millions of players.

Here’s the breakdown:

This isn’t a traditional hack. There’s no breach of Sony’s network or database, and no phishing emails or fake websites involved. Instead, it’s a social engineering attack that exploits a few easily obtainable personal details, like an email address and a purchase date.

When I first heard about Moriarty’s ordeal, I reached out to ask if he’d ever accidentally shared a receipt or transaction ID in a livestream or on social media. That’s because his case reminded me of a similar incident from last year involving French journalist Nicolas Lellouche.

The core issue: Customer support agents can be persuaded to hand over account access with surprisingly little information. What’s needed?

  • A PSN username

If that sounds too easy, X user PorkPoncho decided to test it. According to his report, he successfully accessed his sister’s PSN account (with her permission) by providing support with just two game purchases and their dates.

As Moriarty points out in his podcast, attackers can often infer this data from publicly visible Trophy lists. For example, if you started earning Trophies in Resident Evil Requiem on launch day, it’s a safe bet you bought it then. Hackers might not know if a game was digital or physical, but with enough attempts and a sympathetic agent, they can slip through.

Once inside, they can change your email, disable two-factor authentication, and remove passkeys with no further security checks. You’d be locked out of your account permanently.

Moriarty notes that he was able to escalate his case quickly thanks to his industry connections. Most of us won’t have that luxury. In fact, high-profile trophy hunter Hakoom fell victim to a similar scam and never recovered his account.

Moriarty says he’s shared everything he learned with Sony, and the company appears to be taking the issue seriously. Still, it’s alarming to realize how easily any of us could lose access to accounts holding years of gaming memories and potentially thousands of dollars in digital purchases.

I’ll be reaching out to Sony for comment and will update if I hear back.

In the meantime, review your social media history for any accidentally shared transaction IDs or receipts. It’s safer to keep those private. I also recommend listening to Moriarty’s full story, now available outside Patreon for free, to understand exactly how this works and why it matters.
(Source: Push Square)
