Overview
- In a May 22 account of the incident, Colin Moriarty detailed a live hijacking in which attackers phoned Sony support with his email and old transaction data to take control of his PSN profile.
- Independent user tests and reporting reproduce the vector and show support agents accepting minimal purchase details as proof of ownership.
- Once inside, attackers can change the account email, disable two‑factor authentication and remove passkeys so the rightful owner cannot regain access without help.
- Moriarty regained his account within hours only because of long‑standing industry contacts, illustrating that most victims lack an effective recovery path.
- Journalists are urging Sony to tighten support verification while advising users to use a dedicated private email, remove saved payment data and avoid posting receipts or transaction details.