Nicolas Lellouche, a journalist for the website Numerama, lost access to his PlayStation account. The attacker changed the associated email and password and charged 9.99 euros via the linked PayPal account to change the username. The case occurred in France and drew attention after Lellouche shared details on social media. The hack happened twice within a few hours, highlighting a weakness in the account ownership verification process used by Sony support.
The hacker used social engineering to convince PlayStation support that he was the legitimate owner of the account. He provided only the username and a transaction ID number from an old purchase, obtained from a screenshot shared publicly by Lellouche in 2023. This information was enough for support to grant access, bypassing all enabled digital security measures.
Lellouche temporarily recovered the account after contacting support, but the attacker repeated the procedure shortly afterwards, demonstrating that the method can be applied multiple times without alerts in the system.
How the initial intrusion occurred
The journalist received notifications of a change in the connection ID and an unexpected charge on PayPal. When trying to access the account, he found that the email and password had been modified, and his PS5 console had been disconnected remotely. The hacker, identified as “Derol Bodden” in internal PSN messages, removed friends and conversations and changed personal data on the account.
Lellouche contacted the attacker directly via messages on the PlayStation platform. The hacker explained the process, stating that Sony support requires minimal checks to transfer account ownership.
Weaknesses in the support process
PlayStation support accepted the transaction ID as the sole proof of ownership, without requiring additional data such as date of birth or complete access history. This practice facilitates social engineering scams, where the attacker convinces the support agent to make changes without rigorous validation.
Security experts point out that information such as transaction numbers, serial numbers from old consoles or data from previously linked cards can be used in the same way. Hackers collect this data from screenshots shared online, including in news reports or forums.
- Avoid posting images of PSN emails or invoices that show transaction IDs.
- Do not share console serial numbers or details of past purchases.
- Use prepaid cards for purchases in the digital store, limiting financial risks.
- Monitor access notifications and account changes regularly.

Recovery and repetition of the attack
After the first recovery, Lellouche reactivated security and changed credentials. However, in less than an hour, the hacker repeated contact with support and regained control. The system did not flag multiple consecutive requests for the same account as suspicious.
The journalist opened a new support ticket, which remains under analysis. He plans to publish a further investigation into the case.
Recommended protective measures
PSN users must reinforce security habits to minimize exposure. Enabling 2FA and passkeys protects against direct intrusion, but not against manipulation of human support staff.
Experts suggest removing permanent payment methods from the account and opting for one-off ones instead. Additionally, review old social media posts to delete any sensitive PlayStation-related data.
- Enable email notifications for all account changes.
- Use password managers for unique and complex credentials.
- Avoid linking credit cards directly; prefer wallets or gift cards.
- If something looks suspicious, contact support immediately with proof of ownership.
History of similar problems
Cases of PSN account theft via support occur periodically, affecting trophy collectors and ordinary users. In previous incidents, hackers sold valuable accounts on the black market after gaining similar access.
Sony faced criticism for not implementing more robust checks, such as passphrases or analysis of access patterns. At this time, the company has not publicly commented on Lellouche's case.
Repercussions in the gaming community
The report went viral on social networks and gaming forums, generating debates about the reliability of PSN for extensive digital libraries. Players express concern about investments in games and content that could be lost permanently.
Communities recommend saving backups in the cloud and constant monitoring. The incident reinforces the importance of online privacy in casual sharing.
Final safety guidelines
Keeping personal data private prevents hackers from obtaining information needed for support scams. Combining strong digital tools with caution in public exposure offers better protection.
Affected users should dispute undue charges with banks or PayPal and document all interactions with support for possible escalations.