Nicolas Lelouch, a journalist for the French publication Numerama, once again reported that his Sony PlayStation Network account had been hacked, despite having two-factor authentication and protection via an electronic key enabled. According to him, the problem is related to a vulnerability in the PlayStation support system, which allows attackers to gain control of an account using only a transaction number.
The problem was first widely discussed in December 2025. At that time, it was reported that PlayStation support staff could grant access to an account to anyone who provided a purchase or transaction number, effectively bypassing all modern digital protection methods.
Now Lelouch has reported that his account has been hacked again. On his X page, the journalist wrote:
Remember my PlayStation account hack that went viral worldwide, and Sony still hasn't fixed anything? I was hacked again last night.
After the first incident, Sony allegedly marked the journalist's account as "high-risk" so that support could not intervene without additional verification. However, this measure likely only lasted for a limited time – a few months later, the account was compromised again.
According to Lelouch, the situation has become even more alarming than before. While it was previously assumed that the same attacker was behind the repeated hack, signs now point to a different person: the new user did not change the account ID and launched completely different games. This, as the journalist notes, confirms that the vulnerability can be exploited by almost anyone with access to a transaction number.
Lelouch also criticized PlayStation's security system, stating that attackers can too easily change an account's email, disable the old address, and delete access keys. In his opinion, Sony's response to the problem remains insufficient, and the vulnerability itself has still not been eliminated.