PlayStation 5 BootROM Keys Leaked, Opening Door to Permanent Jailbreaks and Piracy Hackers have successfully extracted the BootROM (Level 0) keys for the PlayStation 5, a critical security breach that allows decryption of the console’s bootloader and full control over software execution. Discovered in late 2025, the leak effectively "cracks" the PS5’s hardware-level protections, making it nearly impossible for Sony to patch without releasing a new hardware revision. While immediate impacts are limited, the long-term consequences are significant. The exposed keys will accelerate the development of custom firmware, unlicensed game backups, and emulation tools, with experts predicting a surge in mass piracy by 2026. Emulation efforts—including potential improvements to projects like ShadPS4—will also benefit, as the keys simplify replicating the PS5’s boot process and decrypting game loaders. For legitimate users, the breach enables homebrew development and personal backups, but it also paves the way for permanently jailbroken consoles, increasing the risk of unauthorized software distribution. Sony is expected to respond with legal action against leakers and hack developers, as well as bans for cracked consoles and accounts on the PlayStation Network. The incident may also prompt Sony to release a revised PS5 hardware model in 2026, though the fate of the PlayStation 5 Pro remains uncertain—if it shares the same BootROM keys, it too could require an update. Despite the security failure, the PS5 remains one of the most successful consoles of its generation, with legitimate users still far outnumbering pirates.

On October 3, 2023, Sony Interactive Entertainment (SIE) disclosed a data breach stemming from an exploit in Progress Software’s MOVEit Transfer platform, a third-party vendor tool used by the company. The incident, which occurred on May 28, 2023, involved unauthorized downloads of files containing personal information of former employees and their family members. While the exact scope of the breach—including the number of affected individuals and the specific types of compromised data—remains undisclosed, the exposure primarily targeted internal employee records.The breach was part of a broader zero-day vulnerability campaign exploiting MOVEit Transfer, impacting multiple organizations globally. SIE confirmed that the incident did not affect its gaming services, customer data, or business operations, but the exposure of former employees' and dependents' personal details—such as names, addresses, or potentially sensitive identifiers—poses risks of identity theft, phishing, or fraud. The company stated it is notifying impacted individuals and offering support measures, though the delayed disclosure (nearly five months after the breach) raised concerns about transparency and incident response protocols.