Shared purchase details used to regain account access
Summary
– A PS5 account was hacked after an old invoice number was shared online
– Hackers exploited PlayStation support verification procedures
– The incident occurred despite two-factor authentication being enabled
PlayStation 5 users are being urged to take extra precautions after a recent account hacking incident highlighted a serious security concern. The case illustrates how seemingly harmless information can be exploited to bypass safeguards and gain control of an account. It serves as a reminder that online gaming accounts carry real risks.
The situation came to light after a journalist at French outlet Numerama had their PlayStation account compromised. According to a report shared on Reddit, the issue began when a transaction invoice from the PlayStation Store was posted online. That single detail proved enough to create a serious vulnerability.
The hacker reportedly contacted PlayStation support and claimed the account had been stolen. By providing the PSN username and a transaction number from an older invoice, they were able to convince support to grant access. The original owner managed to regain control, but the hacker repeated the process within an hour and locked them out again.
Notably, the account had two-factor authentication enabled at the time. Despite that added layer of security, it did not prevent the takeover because the attack relied on customer support verification rather than login credentials. This has raised concerns about how identity checks are handled during recovery requests.
Many users responded by stressing the importance of keeping all purchase details private. Similar stories were shared involving other platforms, where old invoices were enough to reclaim accounts even with security features enabled. The incident suggests that account recovery systems can sometimes undermine protections meant to keep users safe.
While Sony has not publicly commented on the case, the situation highlights a risk PS5 owners should take seriously. Avoiding the sharing of receipts, transaction numbers, or account-related screenshots may help reduce exposure. For now, awareness may be the best defense.
