PlayStation content creator and former IGN editor Colin Moriarty has shared new details regarding the recent compromise of his PlayStation Network account, claiming the platform is highly vulnerable to social engineering attacks that can bypass passwords and two-factor authentication protections.
In a lengthy statement posted on X, Moriarty said he has spent the last several days investigating how PSN account thefts are being carried out while also speaking with multiple senior Sony employees across different departments.
“The reality, as far as we can tell, is that the PSN is extremely vulnerable to so-called ‘social engineering’: Using completely mundane information — like what you’d find on a Wal-Mart or Target receipt (if that) combined with nothing more than an email address — and using those details to hijack innocent people’s accounts via call center customer service representatives,” Moriarty wrote.
He added that the method allegedly allows attackers to bypass account passwords and two-factor authentication entirely. “This technique completely circumvents not only your password, but your 2FA, etc. It happened to me, it’s happened to many others, and it will continue to happen unless fundamental changes are made.”
Moriarty said he plans to discuss the findings in detail during the next episode of his Sacred Symbols podcast, which he confirmed will be made freely available upon release this Friday due to the seriousness of the issue.
The YouTuber also stated that members of his community with IT and information security backgrounds have been assisting him in gathering information related to the attacks. According to Moriarty, the findings are being passed directly to Sony in hopes of helping address what he described as a “major problem for the entirety of the PlayStation community.”
He outlined two primary goals moving forward: improving PSN account security measures and helping affected users regain access to stolen accounts. Moriarty claimed some users have been locked out of their accounts for months or even years “through no fault of their own.”
The latest comments follow Moriarty’s earlier claims that his PSN account had been hacked despite having two-factor authentication enabled. At the time, he alleged the attack may have been part of a broader campaign targeting both ordinary and high-profile PlayStation users.
“My PSN account was hacked, seemingly as part of an ongoing sophisticated series of moves against both random and ‘prominent’ users,” Moriarty previously wrote.
He also claimed he was not phished and did not expose his credentials through suspicious links or external services. According to Moriarty, his email inbox was flooded with spam messages shortly before he lost access to the account, potentially to obscure security notifications tied to the breach.
Moriarty later said Sony support informed him that the recovery process could take up to three weeks before further answers could be provided regarding the account. He claimed Sony removed his stored payment information but could not immediately restore full account control.

