PlayStation is left exposed after a new security flaw against Xbox

PlayStation Network accounts can be hacked even with 2FA and passkey enabled.

More stories in the category News

• Mexico backs down on video game tax: the 8% levy will not be applied
• We’re Already Starting: 007 First Light Delays Its Release
• This new horror game already has a demo on Xbox… and everything revolves around a cursed doll

Security is once again at the forefront of the debate between platforms, and this time Xbox emerges clearly strengthened. A new report has uncovered a serious issue in PlayStation Network, where several accounts have been compromised, even with two-factor verification enabled, two of the most advanced security measures offered by Sony.

The case has generated concern among gamers and once again raises questions about the robustness of Sony’s security system, especially when compared to the more stable history of the Xbox ecosystem in this area.

A flaw in PSN allows accounts to be stolen with minimal data

The information comes from the French media outlet Numerama and tech journalist Nicolas Lellouche, who saw his PSN account being hijacked despite being protected with a passkey. The attacker managed to change the email address, password, and make purchases using a linked payment method.

Although Lellouche was able to recover access with the help of official support, the problem was even more severe: the attacker regained control for a second time. In subsequent conversations, the hacker himself confirmed that the flaw is related to the account ownership verification system.

According to the testimony, all it took to gain control was:

• The username of the account

• A transaction number, obtained from a screenshot posted on social media in 2023

Additionally, Lellouche discovered that Sony accepts other partial data, such as the last digits of a payment card or the serial number of a console, to validate account ownership, which opens the door to serious abuse if this information is leaked.

After making the case public, other users responded confirming similar experiences, some of them permanently losing their account, with no possibility of recovery.

Xbox strengthens its position in account security

• This new incident once again highlights the value of Xbox’s security approach, where recovery processes are more closely tied to the Microsoft account, with cross-verifications, constant alerts, and a system less dependent on easily leakable data.

While on PlayStation Network, a simple number visible in a screenshot can become an entry point, on Xbox, no such major flaws have been reported in equivalent scenarios, even with high-value accounts.

In a context where digital libraries, payment methods, and hundreds of hours of gameplay depend on a single account, security is no longer a minor detail, and this new case makes it clear that Sony has work to do to avoid such situations from happening again.