PlayStation Network has a long history of security scares, from major outages to the infamous 2011 breach. While Sony has added protections over the years, recent reports suggest smaller, preventable account takeovers are still happening—and that PlayStation support may be making the problem worse.
A new incident involving French journalist Nicolas Lellouche has reignited concerns about PSN account security. According to his account shared on social media, a hacker managed to break into his PlayStation Network profile, then quickly changed both the email address and password tied to the account. He also noticed a €9.99 charge, which appears to be linked to the fee for making those account changes.
What alarmed people most wasn’t only the takeover—it was how easy it was to recover the account, even with two-factor authentication enabled. Lellouche contacted PlayStation support and found the restoration process required surprisingly little information: his username and a transaction number from a previous purchase receipt. Despite PSN offering 2FA as a key safety feature, it didn’t meaningfully slow down the attacker or prevent the account from being altered again.
The situation escalated when, only about an hour after regaining access, Lellouche says he was hacked a second time. After struggling to get effective help from support, he decided to message the person behind the intrusion. The hacker reportedly claimed that a transaction number Lellouche had posted online made it possible to carry out the account recovery. Even more unsettling, the attacker allegedly showed little fear of consequences, suggesting they were mainly interested in using the account to play games.
Lellouche’s latest support request is reportedly still pending while agents investigate. Even if his case is resolved, the broader takeaway has made many PlayStation users uneasy: if basic details like a username and a single transaction reference can help someone seize control, then PSN accounts may be more vulnerable than most people realize.
It’s also not an isolated story. Another recent case involved a prominent trophy collector, dav1d_123, who reported losing access to his PlayStation trophies. In that scenario, the thief allegedly sells trophies through black-market channels, and the takeover was said to require minimal information—raising the same concern that support processes may be overlooking obvious red flags and unusual activity.
The hard lesson for gamers is clear: don’t share receipts, transaction IDs, order numbers, screenshots of purchases, or any account-related details publicly—even if your password is strong and 2FA is enabled. Those bits of information can sometimes be used as “proof” during account recovery attempts, especially if a support workflow relies on easily obtainable data rather than stronger verification.
Ultimately, these stories suggest that two-factor authentication alone isn’t enough if customer support recovery rules can be exploited. And while PS5 users are understandably worried about losing digital libraries or being hit with unauthorized charges, similar account takeover risks can affect anyone in the console ecosystem when an attacker successfully changes the email address tied to an account.
