PlayStation Podcaster Exposes PSN Security Flaw Endangering Accounts

He woke up to an inbox flooded with spam and a PlayStation email saying his account email had been changed. Within hours, two-factor authentication was gone and his PSN access was severed. I watched Colin Moriarty — someone with an alphanumeric password and 2FA — scramble while Sony’s official support told him recovery could take weeks.

I follow PlayStation security closely, and you should care because this isn’t a lone incident. I want to tell you exactly what happened to Colin, who to blame, and the practical moves you can make right now to lower your risk.

His inbox filled with spam — What happened to Colin Moriarty

Colin Moriarty, host of Sacred Symbols, posted on X that his PSN account was taken over despite a complex password and two-factor authentication. A stranger had warned him days earlier that his account would be targeted; Colin tightened every control he could think of and still lost access.

The pattern is cold and simple: attackers harvest a PSN ID plus one piece of transaction data — a full order number or the last four digits of a card — then call PlayStation support and claim ownership. Support staff, presented with those details, too often accept them as definitive proof and make account changes: swap the email, disable 2FA, and lock the original owner out.

Colin Moriarty's PSN account hacked
Image Credit: X/@longislandviper

How are PSN accounts being hacked?

Security researchers and creators like Pyo documented the method on X: the attacker needs only a PSN ID and a single purchase identifier. They contact PlayStation support, present the transaction detail as proof, and request an email change and removal of 2FA. That social-engineering angle lets them bypass technical protections — it’s less about cracking passwords and more about convincing human agents.

Support said a three-week wait — The human cost of a slow response

When Colin reached PlayStation support, he was told recovery could take around three weeks. That delay matters because while an account sits in unauthorized hands it can be used to buy games, sell items, or be sold outright.

“With the help of my friends and connections at Sony, I got my account back. I want to thank everyone for their kind words, advice, and direction! It meant a lot. I fully know I exercised advantages due only and exclusively to my stature in the PlayStation community and my many tethers to the mothership. These are absolutely not privileges many other people have. I simply must acknowledge that.”

Colin was fortunate: inside contacts at Sony pulled him through. Most players lack that advantage and face long waits or permanent loss. That gap between policy and practice is where the real risk lives.

Can I recover a hacked PSN account quickly?

Usually no — unless you have leverage. Standard routes can be slow. If you need to act fast, gather receipts, original purchase emails, console serial numbers, and bank statements. Ask for escalation, and request to speak with a supervisor. If you have friends inside Sony or social reach, use them; otherwise brace for a slow, paperwork-heavy process.

He had 2FA and a strong password — Why that wasn’t enough

That detail is the hard lesson: technical safeguards matter, but the verification process at the support desk can nullify them. Attackers are exploiting trust and record-keeping — they present a single transaction detail and the account gets handed over.

Think of the exploit as a locksmith who never had to pick the lock because someone handed over the master key; the technical defenses are bypassed by a paper trail. Because of that, removing saved payment details becomes one of the few effective counters a user can control.

What can I do right now to protect my PSN account?

Start with these practical steps you can do in minutes:

  • Remove saved credit card info from your PSN wallet and set up purchase authentication for new buys.
  • Use an authenticator app (Google Authenticator, Authy) for two-step verification rather than SMS where possible.
  • Save receipts and order emails offline. If a hacker shows a single order number to support, you want a fuller trail ready to present.
  • Monitor bank statements and set card alerts with your bank; consider using a virtual card for PlayStation purchases.
  • Keep a record of your console serial number and original proof of purchase — support asks for this when accounts are disputed.

Multiple reports piling up — What Sony and PlayStation support should fix

Across X, repeated user reports and workload-driven support behavior reveal a pattern: human verification is the weak link. Players reported similar hacks in recent days, and the timing — right after a PS Plus price increase — has only amplified frustration.

Sony should harden support verification and require multiple independent proofs before changing account emails or disabling 2FA. Without that, attackers will keep exploiting the same social-engineering hole until the process is patched. This leak in the chain is like smoke through a vent: small at first, then spreading where you least want it.
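
The "multiple independent proofs" rule above, sketched as an added example; it is not Sony's process and not code from the original article. The proof names, their categories, and the two-category threshold are assumptions chosen to show why an order number plus a card's last four digits should still count as a single proof.

```python
from dataclasses import dataclass

# Assumed mapping of proof types to their source (not Sony's real process).
# Proofs in the same category leak together, so they count only once.
EVIDENCE_CATEGORY = {
    "order_number": "transaction",
    "card_last4": "transaction",
    "purchase_email": "transaction",
    "console_serial": "device",
    "totp_code": "possession",
    "reply_from_email_on_file": "mailbox",
}

# The two changes the article identifies as the takeover path.
HIGH_RISK_ACTIONS = {"change_email", "disable_2fa"}
REQUIRED_CATEGORIES = 2  # assumed threshold


@dataclass(frozen=True)
class Decision:
    approved: bool
    categories: frozenset
    reason: str


def evaluate_request(action, evidence):
    """Decide whether a support agent may carry out `action`.

    `evidence` lists the proof types the caller has supplied and the agent
    has checked. Unknown proof types are ignored, never counted.
    """
    categories = frozenset(
        EVIDENCE_CATEGORY[e] for e in evidence if e in EVIDENCE_CATEGORY
    )
    if action not in HIGH_RISK_ACTIONS:
        return Decision(True, categories, "low-risk action")
    if len(categories) < REQUIRED_CATEGORIES:
        return Decision(False, categories,
                        f"{len(categories)} independent proof(s), "
                        f"{REQUIRED_CATEGORIES} required")
    return Decision(True, categories, "enough independent proofs")


# Constructed sample requests, not real cases.
if __name__ == "__main__":
    caller_a = evaluate_request("disable_2fa", ["order_number", "card_last4"])
    caller_b = evaluate_request("change_email", ["purchase_email", "console_serial"])
    print(caller_a.approved, caller_a.reason)
    print(caller_b.approved, caller_b.reason)
```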

I will keep pressing sources and producers at PlayStation and reporting what I learn. You should remove saved payment info, tighten authentication, and prepare evidence — because being proactive is the only reliable defense left. Will you act now or wait until your account is the next warning story?