A hacked PSN account can be monetized quickly through purchases, account resale, and social-engineering scams against contacts.
Fast containment is practical: revoke active access, secure the recovery email, and lock down account settings before dispute work begins.
First 15 minutes
- Stop active access: Sign out of PSN on all devices, and deactivate consoles you do not recognize.
- Reset your PSN password (and any other account that reused that password).
- Secure your email inbox (because PSN recovery emails go there).
- Turn on 2-step verification (2SV) and store backup codes safely.
- Check transaction history for unauthorized purchases and act fast.
- Remove saved payment methods and require a password at checkout.
- Contact PlayStation Support if you cannot sign in, your sign-in ID was changed, or purchases were made.
| If you are in this situation | Best next step |
|---|---|
| You can still sign in | Sign out on all devices, reset password, then enable 2SV and review purchases |
| You are locked out (password/email changed) | Use password reset first, then go to official PlayStation Support with proof of ownership if reset fails |
| You have unauthorized purchases | Remove payment methods, require password at checkout, and follow Sony's unauthorized purchase guidance before disputing |
| 2SV is blocking you (lost device/number) | Use backup codes if available, otherwise contact support and be ready to verify ownership |
Important: A bank chargeback can lead to account suspension. If you are considering a dispute, read Sony's chargeback guidance first and document what happened.
Signs your PSN account was hacked
Not every scary email is a real compromise. These signals are strong indicators you should treat this as an account takeover:
- You cannot sign in and your password no longer works.
- You receive PlayStation emails about a password reset, sign-in ID change, 2SV change, or a new login that you did not initiate.
- You see purchases, wallet top-ups, or subscriptions you do not recognize.
- Your Online ID, profile details, or privacy settings changed unexpectedly.
- Friends report strange messages, party invites, or spam coming from your account.
If you are unsure whether this is only PSN or a broader compromise, see how to check if you've been hacked for a fast, practical checklist.
Before you change anything: preserve evidence
Do not spend an hour building a perfect case file, but do capture a few details now. They can help support confirm ownership and help your bank understand what happened.
- Save PlayStation email receipts and security alerts (do not forward them to strangers).
- Write down the approximate time you noticed the issue and what you saw (for example, "email changed" or "unauthorized purchase").
- Note your Online ID and the email/sign-in ID you believe was on the account.
- If you see unauthorized purchases, list the order numbers or dates and amounts.
How PSN accounts get hacked
Recovery works best when you also remove the original entry point. For most PSN takeovers, the cause is one of these patterns:
- Password reuse: a password leaked from another site gets tried on PSN. This is why unique passwords matter more than "complex" passwords.
- Phishing: a fake login page, QR code, or "verification" message steals your email and password. Gaming accounts are heavily targeted because attackers can profit from resale or in-game purchases.
- Email compromise: attackers do not always need PSN first. If they control your inbox, they can request PSN resets and approve security changes.
- Shared device risk: a household console, a friend logging in, or a secondhand device can leave your account signed in somewhere you did not expect.
- Weak recovery setup: no 2SV, no saved backup codes, and outdated contact details make it easier for an attacker to lock you out.
The steps below address all of these. If you only reset a password but do not secure email, 2SV, and device access, you can get re-hacked quickly.
Start with one decision: can you still sign in?
If you can still sign in: you can usually lock the attacker out without waiting on support. Follow Steps 1 to 5 below.
If you cannot sign in: skip to If you cannot sign in and start gathering the information support will need.
Step 1: Stop the attacker from staying signed in
Many account takeovers are not just a stolen password. Attackers often keep a valid session on a console or browser so they can regain control after you change a password. Your first move is to force a logout and review device access.
- Sign out on all devices: follow Sony's official steps to sign out of PSN on all devices.
- Deactivate consoles you do not recognize: if you see unfamiliar consoles activated to your account, follow Sony's instructions to deactivate a PlayStation console. Sony limits full deactivate-all actions, so do this early if you need it.
If you share a console with family or roommates, you may see devices you recognize but do not personally control. In that case, prioritize sign-out and password reset first, then re-establish who should have access once the account is stable again.
Step 2: Reset your password and check for password reuse
Change your PSN password even if you believe the attacker got in another way. If the attacker changed your password already, do a password reset immediately.
- Reset your password: use the official password reset flow: reset your PSN password.
- Make it unique: if you reused this password anywhere else, assume those accounts are also at risk and change them too.
- Do not "test" old passwords: repeated failed logins can lock you out or create noisy signals that slow down your recovery.
A common root cause is password reuse plus credential stuffing (attackers trying leaked passwords at scale). A password manager helps because it makes unique passwords realistic for gaming accounts, email, and payment services.
Step 3: Secure the email account tied to PSN
Key idea: If your email is compromised, PSN recovery will not stick. Secure your inbox before you assume the attacker is "back".
Your PSN account is only as secure as the email inbox used for sign-in and recovery. If your email is compromised, the attacker can request new password resets and keep taking your PSN back.
- Change your email password and turn on MFA for your email provider.
- Remove unknown devices, sessions, or third-party access that you do not recognize.
- Check for sneaky persistence: forwarding rules, auto-replies, or filters that hide security alerts.
- If you need a structured recovery process for Gmail, see how to recover a hacked Gmail account (the same concepts apply to other providers).
If you discover your email was the entry point, fix that first. Otherwise, PSN recovery can become a loop where you keep getting reset out again.
Step 4: Turn on 2-step verification (2SV) and store backup codes
Once you have your password and email under control, add a second factor so a leaked password is not enough. Sony supports 2-step verification for PSN sign-in.
- Enable 2SV: follow Sony's 2-step verification setup instructions.
- Prefer app-based codes when possible: SMS codes can be vulnerable to SIM swap attacks. If you are not familiar with MFA terminology, see two-factor authentication (2FA) and its many names.
- Save backup codes safely: store backup codes in a safe place that is not your email inbox and not a notes app on the same phone that receives your codes.
If you are locked out because you cannot receive codes, Sony documents 2SV recovery options on 2SV troubleshooting and backup codes.
Do not share one-time codes or backup codes with anyone. A common scam is someone claiming to be support asking for your 2SV code. Real support should not need your active one-time code to verify you.
Step 5: Audit purchases, subscriptions, and payment methods
Account takeovers often lead to unauthorized purchases, wallet top-ups, or subscription changes. Handle this carefully. A rushed bank chargeback can create a second problem by triggering an account suspension.
- Check purchases: review your transaction history and your email receipts.
- Remove payment methods: delete stored cards and PayPal connections you do not need right now. You can add them back after recovery.
- Require your password at checkout: enable password at checkout so an attacker cannot buy games from a still-signed-in console.
If there are unauthorized purchases, use Sony's official guidance for unauthorized payments or a compromised account. If you are considering a bank chargeback, read Sony's page on chargebacks and account suspension first so you do not accidentally lose access while you are trying to fix the problem.
If you used the same payment card on other services, consider contacting your bank to discuss whether the card details may be at risk. If a child or family member had access to the console, confirm whether the purchases were truly unauthorized before you file a dispute.
Step 6: Review account details and privacy settings
Once access is stable, check for changes the attacker may have made to keep control or to monetize your account. This also helps you understand what happened if you need to explain it to support.
- Account details: confirm your sign-in ID (email) is correct and that you recognize any recovery contact details.
- Profile and friends: look for spam activity, strange messages, or new friends you did not add. Tell close friends not to trust recent links or trade offers if your account was used to message them.
- Privacy and sharing: tighten privacy settings temporarily if you suspect ongoing targeting.
- Linked services: if you connected PSN to other services, unlink anything you do not recognize and change passwords on those services too.
If you cannot sign in
If you are locked out, the fastest path is usually a password reset. If that fails, you will need PlayStation Support. Avoid paying third parties or sharing sensitive information with anyone claiming they can "recover" your account.
Try password reset
- Try the official password reset flow (above) and check spam/junk folders.
- Search your inbox for older PlayStation emails. They can confirm which sign-in ID (email) was on the account before the takeover.
- If you do not control the email account anymore, you must recover the email first or use support to validate ownership.
If your sign-in ID was changed
Attackers often change the sign-in ID (your login email) to break password reset. If that happened:
- Look for an email from PlayStation about the sign-in ID change. Save it.
- Check whether you can still sign in with your original email. Sometimes the change is pending or reversed after recovery steps.
- Go to support quickly. The longer an attacker has control, the more likely they are to change recovery details and make ownership harder to prove.
If 2SV is blocking you
- If you have backup codes saved, use them.
- If your phone number changed or you lost your authenticator device, you will likely need support to regain access.
Contact PlayStation Support
Do not: pay anyone claiming they can "recover" your PSN account by hacking. Only Sony can restore account access.
Contact official PlayStation Support using the country selector on PlayStation Support. Be prepared to prove you are the account owner. Requirements vary by region.
Support teams often ask for details like these (not all will be required):
- Your Online ID and the email/sign-in ID used on the account (current and previous, if it was changed).
- Recent purchase information: order numbers from email receipts, or approximate transaction dates and amounts.
- Console details: which PlayStation console you use and, in some cases, serial number information.
- Billing details for the payment method on file (never send your full card number over email or chat).
If your recovery attempt is failing and you want a general framework, see what to do if you can't recover a hacked account for escalation guidance and what to document.
Watch out for PSN recovery scams
Scammers target people who are locked out of gaming accounts. If someone DMs you claiming they can "recover" your PSN by hacking, that is almost always a scam. Only Sony can restore access to a PlayStation account.
See why you should not hire a random hacker online if you are getting pressured to pay for recovery.
After you recover access: harden your PSN so it does not happen again
Recovery is only half the job. Attackers often come back within days if they still have a foothold (reused passwords, email access, or an already-trusted device). Do these hardening steps right after you regain control.
- Keep 2SV enabled and keep your backup codes stored offline.
- Use unique passwords for PSN, email, and any payment accounts, ideally with a password manager.
- Review account access periodically: unfamiliar devices, console activation, and sign-in alerts.
- Lock down your console with a passcode or user restrictions, especially if you share a household console.
- Stay skeptical of messages asking you to log in, scan a QR code, or "verify" your account outside official PlayStation pages.
For a deeper security checklist, continue with how to secure your PlayStation Network (PSN) account.