Email security is shit
This is going to be a tale of bullet points because it’s hilarious.
So we got a PS4 Pro for my brother’s birthday. He used to have a PS3 until about 5 years ago when he sold that one. He had an account on the PSN (obviously). This is how signing in to THAT account went:
- “Uh... which email address did I use? I think it was this one...”
- Search the email address for PlayStation-related emails to confirm that he’d used that one.
- Got it, reset the email address, get an email with the reset link, rejoice.
- Log in, set the PSN account, he’s in!
- Turns out it’s not THAT account. He had a different one.
- More thinking.
- “I think it was this Hotmail address.”
- I search for that, and find a couple of emails sent to that from like 8 years ago.
- Kay, we just need to reset it, but we need access to the email address first.
- Let’s reset the password for the email address.
- Outlook says email address no longer exists.
- (´༎ຶД༎ຶ`)
- Meanwhile, we are literally a button away from sending the reset email to the email address from the PlayStation Network.
- Think...
- Oh, so if it doesn’t exist, we can theoretically sign up with it?
- Yes.
- We now have the old-new email address!
- Send the reset email to the new-old email address from the PSN.
- Receive it.
- Rejoice because information security is dumb.
We technically doxed him and took over his own PSN account. It was hilarious. And bad.