A very worrying security vulnerability has emerged in PlayStation Network (PSN) accounts that concerns millions of players. Former IGN editor and well-known game streamer Colin Moriarty announced that his PSN account was compromised by cyber attackers despite using a strong password and two-step verification (2FA) system.

Research conducted following the incident shows that hackers resorted to “social engineering” tactics instead of complex software cracking systems. Customer service is received by using only the invoice number and username related to an old game purchase process. In this way, the e-mail address of the account is changed and the existing 2FA protection is completely disabled.

Why Doesn’t Two-Step Verification (2FA) Work?

Many players think that they are completely safe when they add 2FA to their accounts via phone number or authenticator applications. However, this latest crisis on the PlayStation front reveals how easily digital firewalls can be bypassed due to customer service policies. The vulnerability in the system is caused by the weakness in the support team’s authentication processes rather than a software error.

Hackers capture the username (PSN ID) of the PSN account they target and the order number of a random purchase made in the past. These order numbers are often obtained from old forum posts, screenshots on social media, or information leaks from third-party game key selling sites.

The attacker then calls Sony customer service, claims that the account belongs to him, and presents this order number as evidence. The support group finds this information sufficient and changes the registered e-mail address of the account and turns off 2FA protection. Thus, the account changes hands without any confirmation code being sent to the real user’s phone.

How Was Colin Moriarty’s Account Stolen?

Sacred Symbols podcast host Colin Moriarty shares with his followers the process of his account being stolen in full detail. Stating that he received a warning message saying “They will get your account today” shortly before the incident, Moriarty quickly changed his password and took precautions.

But hours later, his email box is suddenly flooded with hundreds of spam messages. This tactic is used to ignore the “Your email address has been changed” notification from Sony.

When Moriarty, who has completely lost access to his account, reports the situation to the PlayStation support team, he is told that the process may take up to three weeks. The publisher, who managed to get his account back in a short time thanks to his long history in the sector and his personal contacts within Sony, honestly admits that ordinary players do not have this privilege. It is stated that many users cannot access their accounts for months or years through no fault of their own.

Similar Incidents Are Increasing: Danger Applies to Everyone

This security vulnerability is not limited to Moriarty. French Numerama journalist Nicolas Lellouche states that his account was compromised in exactly the same way in December 2025. The scarier part is that Lellouche’s account was hacked for the second time in May 2026, using the same vulnerability, despite the necessary security measures being taken. Sony’s decision to prioritize analog information over digital security on the customer service side puts users’ digital game libraries worth tens of thousands of liras at great risk.

Moriarty and information security experts say that they shared the information they obtained directly with Sony management to resolve the problem. Until the company releases an official system update regarding this vulnerability, users need to be very careful.

Experts warn game lovers not to share their old invoices, transaction numbers or purchase screenshots on the internet. Even the slightest process trick can cause your entire account and effort to evaporate in seconds.