DekutheEvilClown said:

This article is kind of trash. He says he “hacked” his own account in 30 minutes when he actually just did an account recovery with a bot that requested information from him that only he should have access to. He provided an order number from a transaction; he would only have that if he has access to the account already or access to the email address it’s registered to.

So to use this exploit they need to come to your house to find the serial number on your hardware, have access to your credit card details or have access to your email. Any one of those would be a massive problem in and of itself, and your PlayStation account is probably not the only thing in danger.


Having said that, there should be an additional layer of security for this type of recovery.

An order number is definitely not something that should be considered something to be kept secret. Unlike with credit card numbers, no one tells you it's something you should keep secret, and it's not common knowledge either. In fact, I would expect people to share screenshots of their purchases - order numbers included - fairly commonly. Designing any security measures to utilize order numbers is just stupid. I'm paranoid enough to not share anything like order numbers, but if you're designing security measures and don't account for people doing things like that, I'd argue you're failing at security. Security needs to account for the things people do, and yes, that includes stupid things too, within reason at least (so at least ensuring people know what they should keep secret).

The same goes for console serial numbers, although probably to a lesser extent, so it might be less bad to use as a security measure.

I think this is all on Sony. They're simply using information for purposes it shouldn't be used for.