I had a strange situation last night. I did contact support and was able to get a refund, so everything is resolved there, but I'm still wondering how this all could've happened in the first place.
My PS5 was in rest mode, I was sitting near it playing on a different console, when I suddenly got a couple emails saying "Thank you for your purchase". My credit card also showed these two transactions pending. I logged into my account immediately, changed the password, removed the credit card on file, logged out of all devices, and enabled the "ask for password when purchasing" option. When I logged in, I did get the 2fa notification on my phone, so I know it was working. I've since changed it to an app authenticator, but I'm just confused as to how someone could log into my PSN account, buy some games, all without needing an auth code.
When I spoke with support, they said the transactions were made from my Home PS5 console. I guess it matched some kind of ID that a previous purchase I made from there had. Which is odd, since my PS5 was definitely in rest mode when I got these emails and hadn't actually been turned on for a couple weeks.
I'm not really sure what the end game was, since PS+ Essential (why not premium?!) was one of the purchases, wouldn't it just stay linked to my account? So they wouldn't even have access to it once I changed my password.
I guess I'm just wondering 1) why go to the trouble without changing my password and 2) if there's some kind of support channel at Sony where they would be able to look into this further, or do I just have to hope everything I've done now is enough?
My PS5 was in rest mode, I was sitting near it playing on a different console, when I suddenly got a couple emails saying "Thank you for your purchase". My credit card also showed these two transactions pending. I logged into my account immediately, changed the password, removed the credit card on file, logged out of all devices, and enabled the "ask for password when purchasing" option. When I logged in, I did get the 2fa notification on my phone, so I know it was working. I've since changed it to an app authenticator, but I'm just confused as to how someone could log into my PSN account, buy some games, all without needing an auth code.
When I spoke with support, they said the transactions were made from my Home PS5 console. I guess it matched some kind of ID that a previous purchase I made from there had. Which is odd, since my PS5 was definitely in rest mode when I got these emails and hadn't actually been turned on for a couple weeks.
I'm not really sure what the end game was, since PS+ Essential (why not premium?!) was one of the purchases, wouldn't it just stay linked to my account? So they wouldn't even have access to it once I changed my password.
I guess I'm just wondering 1) why go to the trouble without changing my password and 2) if there's some kind of support channel at Sony where they would be able to look into this further, or do I just have to hope everything I've done now is enough?