Ohio-based Pete Wenzler estimates he’s spent over $20,000 on games and services using his PlayStation Network (PSN) account, but he lost it all to a hacker, and Sony refuses to help.
“If I call customer service, they won’t speak to me at all,” he tells PCMag.
Wenzler, whose account was hijacked on Jan. 12, is just one victim in a growing trend in which hackers allegedly manipulate Sony’s customer support into granting access to PlayStation accounts. The incidents are alarming because they bypass two-factor authentication (2FA) and even passkeys on a PSN account, two security mechanisms designed to prevent hijackings.
Most disturbingly, I was able to essentially hack my own PlayStation account with ease in about 30 minutes by messaging the company’s “PlayStation Online Assistant” chatbot. The registered passkey didn’t matter at all.
On social media, you can find hackers selling access to stolen PSN accounts. And in some cases, they’ve told victims it was easy to pull off.
Initially, I wondered if the hackers were calling Sony’s human customer support agents and tricking them into handing over access. But that isn’t necessary, thanks to the chatbot on Sony’s customer support page. When you initiate an account recovery, you submit a PSN ID, the registered email address, the user’s full name, and one other detail:
-
The first four and last four digits of the credit card number used on the account.
-
Serial number of the first console used to create or log into your account.
-
Order number for a recent transaction made on this PlayStation account.
(Credit: Sony)
I submitted an order number from 2023. The chatbot processed my request and let me register an entirely new email address for my PSN account. I didn’t need to verify the process from the original email address at all.
This means a hacker could exploit the same process to hijack a PSN account by placing it under their own email address, which Sony will then use to complete the account recovery. At the same time, the process seems sever the connection to the old email address, preventing it from receiving anymore password resets.
I was stunned because the process completely bypassed the passkey I had registered on my PSN account. The chatbot even asked me: “May I know if you also need help to disable extra security measures activated in the PlayStation account?” I said yes, and the passkey was gone.
(Credit: Sony)
Sony’s approach seems to assume only the real owner of the PSN accounts would know such details. But hackers are a resourceful group.
Case in point: On Tuesday, one hacker posted on social media numerous personal details of the owner of a PSN account, including email address, location, phone numbers, and even Instagram handles. The hacker leaked the details following an apparent dispute, effectively handing a roadmap to any bad actor looking to hijack the PSN account.
We then reached out to the account owner, a man named Lenny, who confirmed the account was his. “Wow, that is wild,” Lenny tells PCMag.
“I’ve been hacked several times over the last few years. This is the second or third time this year,” he says, noting that 2FA had somehow been removed. “As a person who’s worked in IT and customer service, I don’t understand how this is even their process for recovery.”
‘I’ve Lost All Trust in Sony and PlayStation’
The hijacking threat underscores the dangers of buying games locked to a digital platform. Wenzler says he’d gone “all digital” and enrolled in 2FA before his account was stolen. He only realized he’d lost access after receiving an email stating that 2FA had been disabled due to an account compromise. Now, even his two children have lost access to their own accounts because they were tied to his PSN account.
Another victim, David Tremblay, owned the high-profile PSN account dav1d_123, which once held the record for most digital trophies. He also had 2FA in place, but his account was compromised in October. The situation has been so frustrating that “I’ve retired from competitive trophy hunting and lost all trust in Sony/PlayStation,” Tremblay told PCMag.
In December, French journalist Nicolas Lellouche warned about the gap in Sony’s customer support after losing access to his PSN account, despite having 2FA and a passkey in place. A hacker convinced Sony’s customer support that the hijacker was the rightful owner by submitting a transaction ID from an old online purchase the journalist had publicly shared years earlier.
“Several users told me they had experienced similar hacks, sometimes without a solution (customer service refuses to return the account because they can’t verify the identity of the real and fake owners),” Lellouche wrote, translated from French.
It’s possible the hackers are relying on direct contact with Sony customer support agents to take over accounts as well. Tremblay told PCMag his own hacker claimed to have gained access by “phishing PSN Chat Support agents until one of them believed his story.”
Messaging from the hacker (Credit: David Tremblay)
The hacker also alleges that “you can steal anyone’s account just by knowing their public [PSN] username, and blames Sony for outsourcing customer support to Colombia,” Tremblay says.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Australia-based Justin Beech also lost his PSN account around Jan. 30. He had 2FA turned on, but had changed the account’s registered email address, password, and security questions following a hijacking three years ago. He suspects the earlier hijacking—which likely revealed details about his PSN account—may have paved the way for a new hacker to target it again.
“Whatever [the hackers] knew was enough to call in and convince a rep of ownership, or they simply bribed a rep for whatever missing info they needed,” he told PCMag. “They probably told some sob story about losing their phone and email address and needing a full reset.”
He estimates he has spent $8,000 on his PSN account since 2006. Without the account and the digital games, he says his PlayStation has become a “boat anchor.”
Sony Is ‘Unable to Assist’
A response from Sony’s customer support. (Credit: Justin Beech)
All of these victims have one thing in common: Lackluster support from Sony customer service.
Those we spoke to said Sony initially responded by helping to restore access. But the attacker was quick to strike again and reclaim their accounts. Rather than intervene, Sony allegedly went quiet, leaving customers with little recourse.
Tremblay has a theory. “The only explanation for PSN Support refusing to help me is that [the hacker] somehow intercepted the ongoing investigation and convinced Support that he was the rightful account owner, getting the account protected in his favor,” he says.
So far, Sony has declined to comment on the account hijackings. “Sony does not comment on pending legal matters,” it tells PCMag.
Recommended by Our Editors
Wenzler filed a Better Business Bureau complaint about the hijacking, after which Sony told him it was “unable to assist in gaining access to the account mentioned.”
One of the latest denial emails from Sony to Wenzler. (Credit: Pete Wenzler)
In the meantime, the hijackings have been traced to hackers who are reselling dozens of stolen accounts on social media for hundreds or even thousands of dollars. They’re focused on stealing accounts with desirable screen names, often created 20 years ago when PSN launched.
In some cases, the hackers have also been trying to cut deals with their victims to regain access.
“i can give u useful information but ofc [of course] for a fee,” one alleged hacker told PCMag. We declined to pay, and the hacker did not provide more details about the hijackings.
Messages posted by the hacker. (Credit: PCMag)
Wenzler’s case has been particularly nightmarish because the hacker mocked him on social media. The hacker offered to return the account—if Wenzler agreed to share access. “I’m a trophy hunter too and i’m not even in the US,” the hacker wrote. “I have a whole different time zone so when you’re asleep i can trophy hunt a bit on the account.”
Initially, Sony restored access to Wenzler’s account, but then permanently suspended him over allegations that he was trying to sell the account. Later, the hacker even called Wenzler, spoofing PlayStation’s customer support number and impersonating a Sony fraud department representative. The apparent goal was to trick Wenzler into revealing numerous personal details —such as the console’s serial number, the most recent game played, and credit card details. The hacker likely then used the information to impersonate Wenzler while speaking with Sony’s actual customer support in an effort to fully take over the account.
Wenzler is now considering legal action against Sony. However, the terms and conditions for a PSN account require the consumer to waive their right to a class-action lawsuit if a dispute arises. The attorneys he’s contacted so far have refused to take his case.
“Honestly, I feel like I’m going to puke over the situation,” Wenzler told PCMag in a phone interview after Sony rebuffed his latest request for help. “We just want our accounts back.”
Meanwhile, on X, Tremblay issued a blunt warning to the gaming community: “Your PSN account isn’t safe.” He also suspects the hijackings aren’t just clever social-engineering hacks, but the work of someone with “inside access” to Sony’s support tools.”
(Credit: David Tremblay)
Tremblay notes that the hacker at one point sent him a screenshot of the LinkedIn page for a Sony customer support coordinator named Anthony. “that’s the dumb ass high tier who gave me the account and added the flag,” the hacker wrote. “they hire some stupid 50 year olds that believe anything.”
Days later, Anthony called Tremblay to help restore access to his PSN account, which included resetting the account email address to one he controls. But no extra security was added, meaning it could be hacked in the same way again.
Although Tremblay regained access to his own account, he says the hacker was never defeated; he merely got bored after Tremblay refused to pay a ransom demand. “I’m not the first victim of this type of attack, and I won’t be the last,” he added.
About Our Expert
Michael Kan
Senior Reporter
Experience
I’ve been a journalist for over 15 years. I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017, where I cover satellite internet services, cybersecurity, PC hardware, and more. I’m currently based in San Francisco, but previously spent over five years in China, covering the country’s technology sector.
Since 2020, I’ve covered the launch and explosive growth of SpaceX’s Starlink satellite internet service, writing 600+ stories on availability and feature launches, but also the regulatory battles over the expansion of satellite constellations, fights with rival providers like AST SpaceMobile and Amazon, and the effort to expand into satellite-based mobile service. I’ve combed through FCC filings for the latest news and driven to remote corners of California to test Starlink’s cellular service.
I also cover cyber threats, from ransomware gangs to the emergence of AI-based malware. Earlier this year, the FTC forced Avast to pay consumers $16.5 million for secretly harvesting and selling their personal information to third-party clients, as revealed in my joint investigation with Motherboard.
I also cover the PC graphics card market. Pandemic-era shortages led me to camp out in front of a Best Buy to get an RTX 3000. I’m now following how President Trump’s tariffs will affect the industry. I’m always eager to learn more, so please jump in the comments with feedback and send me tips.
Read Full Bio
