It has now been confirmed that a major Sony security loophole is behind an alarming number of PS5 users having their PlayStation accounts hacked. “Hack” might not even be the right word for it, as what’s happening is basically one big social engineering scam successfully carried out with the help of PS Support agents.
How PlayStation accounts are ‘hacked’ with social engineering
To be clear, no one is immune to this social engineering scam because all hackers need is basic public information about the victim. Suggestions that the victims are to blame because they must have shared private information online, like a PS Store transaction number, are misleading at best.
While it’s true that sharing something as mundane as a screenshot of a PS Store purchase with a transaction number can aid hackers, that’s not how well-known PlayStation journalist and podcaster Colin Moriarty was hacked.
Scammers can break into an account with the help of PS Support by simply providing recent purchase history. So, for example, if you talk about buying a new game online and a scammer takes note, they can impersonate you by providing a transaction date and details about what you purchased, along with your username or email address, and gain control of your account.
This renders two-factor authentication and passkeys useless, because it’s a PS Support agent overriding your safety net.
X user PorkPoncho tested this out, and successfully “hacked” their sister’s PlayStation account (with her consent, of course) to demonstrate how it works:
Moriarty also spoke about this issue at length in a new podcast:
I’ve seen PlayStation fans argue that scammers are using account recovery options that have existed for years and have helped in genuine cases of players attempting to recover their accounts. I’ve also seen the argument that this isn’t a major issue because prominent players are specifically targeted, and there isn’t a mass hacking attempt.
The problem with the first argument is that PS Support currently only requires basic information for its account recovery process. There should be a more robust system in place to prevent social engineering scams.
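To make the weakness concrete, here is an added example (my own model, not Sony’s actual recovery procedure) contrasting a knowledge-only recovery check of the kind described above with one that refuses to let a support agent override an enrolled second factor on the strength of facts a scammer could have read off the victim’s own posts. The evidence names, tiers and the "hold" outcome are assumptions for illustration.

```python
"""Model of an account-recovery policy: knowledge-only evidence vs. proof of possession."""
from dataclasses import dataclass

# Assumed tiers: how hard each item is for an impersonator to obtain.
# 0 = public or observable from the owner's own posts, 3 = proof of possession.
EVIDENCE_TIER = {
    "username_or_email": 0,
    "purchase_date_and_title": 0,   # "I bought game X on date Y", seen on social media
    "transaction_id": 1,            # leaks through store-receipt screenshots
    "mfa_code": 3,                  # code from the enrolled authenticator
    "passkey_assertion": 3,         # signature from the enrolled passkey device
    "recovery_code": 3,             # one-time backup code issued at 2FA enrolment
}

@dataclass
class Decision:
    outcome: str   # "grant", "deny" or "hold"
    reason: str

def weak_policy(evidence: set[str], mfa_enrolled: bool) -> Decision:
    """Knowledge-only check: identity plus recent purchase history is enough,
    regardless of whether the account has 2FA or a passkey enrolled."""
    if {"username_or_email", "purchase_date_and_title"} <= evidence:
        return Decision("grant", "identity and recent purchase matched")
    return Decision("deny", "insufficient details")

def hardened_policy(evidence: set[str], mfa_enrolled: bool) -> Decision:
    """Possession-aware check: a support agent may not override an enrolled
    second factor using facts the owner may have disclosed publicly."""
    strongest = max((EVIDENCE_TIER[e] for e in evidence), default=-1)
    if strongest >= 3:
        return Decision("grant", "proof of possession of an enrolled factor")
    if mfa_enrolled:
        # Knowledge-only evidence on a 2FA-protected account: never grant on the spot.
        # Park the request, notify every existing contact channel and apply a
        # cooling-off delay so the real owner has a chance to contest it.
        return Decision("hold", "knowledge-only evidence cannot bypass 2FA; "
                                "notify owner and apply cooling-off delay")
    if strongest >= 1:
        return Decision("hold", "semi-private evidence only; notify owner first")
    return Decision("deny", "public evidence only")

# Constructed sample: what an impersonator who saw a "just bought this" post can offer.
IMPERSONATOR_EVIDENCE = {"username_or_email", "purchase_date_and_title"}
```

Running `weak_policy(IMPERSONATOR_EVIDENCE, True)` grants access even with 2FA enrolled, while `hardened_policy` holds the request and alerts the real owner.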
The second argument doesn’t hold water because there’s nothing stopping scammers from targeting random players. While we agree that these aren’t mass hacking campaigns, the victims aren’t necessarily prominent personalities, and if nothing changes, the number of account thefts will only increase.
As we mentioned in our previous article, Sony is now well aware of this problem, but has yet to address it. In the meantime, we’re seeing more and more reports of players losing their accounts.
Just a day ago, another trophy hunter revealed on PSNProfiles that after 10+ years, they lost their PlayStation account to a scammer in the same way and had a hard time recovering it. They’re now trying to keep a low profile.
It certainly shouldn’t be this way.
Here’s hoping we hear something from Sony… and soon.