Sacred Symbols podcast host Colin Moriarty recently received a bizarre warning. “Colin, I’m just warning you,” it read. “They have your information and they are going to try to take your account today.” Sure enough, the ex-IGN editor and Kinda Funny Games cofounder’s PlayStation account was hacked shortly after, and he was locked out of a library of hundreds of digital games and an account history built up over decades. While Sony was able to restore access in record time, the high-profile incident has raised fresh concerns about vulnerabilities in PlayStation’s account security.
“My PSN account was hacked, seemingly as part of an ongoing sophisticated series of moves against both random and ‘prominent’ users,” Moriarty posted on X on May 18. He said his account was compromised despite two-factor authentication protection and that it was immediately used to threaten his fellow Sacred Symbols podcaster, Dustin Furman, with a message sent over PSN that read, “You’re next.”
While a representative of PlayStation Support initially told Moriarty that it could take up to three weeks to get access to his account back, he was able to reach out to existing contacts within Sony and its first-party game studios to escalate the issue. “I fully know I exercised advantages due only and exclusively to my stature in the PlayStation community and my many tethers to the mothership,” he posted on X after getting his account back. “These are absolutely not privileges many other people have. I simply must acknowledge that.”
Sony did not respond to a request for comment.
Moriarty’s experience isn’t a one-off. There have been other reports over the years of PlayStation users losing access to their accounts. Last year it happened to a writer at the French tech website Numerama named Nicolas Lellouche. He woke up to a message from Sony saying that his account information had changed. Then rogue purchases on his linked PayPal account began rolling in. Lellouche was able to regain access to his account only for it to be stolen again. He theorized that hackers were able to use limited pieces of personal information to convince Sony’s customer support to lock owners out of their accounts.Â
“The main problem: the customer service has a tool to reset a mail even if it’s protected by a password or a passkey,” he wrote on X. “They just need to trust you, but an old transaction ID in a mailbox is enough for them to know it’s you. So hackers use that to change the ID of a lot of accounts and sell them.” It’s unclear if Sony has fixed this apparent loophole or if the hacker who targeted Moriarty’s account used a different method of gaining access. A past PlayStation trophy record holder previously accused hackers of bribing PlayStation support staff to aid in stealing high-profile accounts.
As Lellouche points out, any easy-to-exploit security vulnerability is a major concern, especially at a time when the PlayStation ecosystem has moved almost entirely away from physical games. Having your account stolen can mean losing access to hundreds or even thousands of dollars worth of purchases. “Rest assured I am already bending (and will continue to bend) the ears of who I can to hopefully help convince the powers-that-be that this is a real issue they have to contend with,” Moriarty wrote.Â
