This post is nothing to do with my day hobby. I'm putting it here as a sort of shout of annoyance into the void and maybe search engines will index it.
Are you sitting comfortably?
A little while ago my Sony PSN account of many MANY years was hacked, I believe through social engineering of Sony support. Shit happens. However, how the company responds to shit can make things much worse.
Let's contrast two companies. EA (EA Games) and Sony (PSN). Both use Salesforce Marketing Cloud to handle outbound email.
In the case of Sony, recovery of a hacked account may be deliberately restricted by them to only the email address the account was initially created with. This is, I think, a way to avoid having to identify the person claiming they want their account back through more labor-intensive methods.
Now there is an obvious problem with this system: people who no longer have access to that specific email address (it might be a decade or more old and several emails ago). These people are up a creek without a paddle.
The other edge case is people who are able to restore availability and access to their old email address. Like me. Perhaps it was a vanity domain name. Perhaps it was an alias they can restore. This is where Salesforce Marketing Cloud steps in to ruin their day.
This platform, SFMC, maintains a defunct email address hot list and this hot list is not visible to the people who provide the support to customers. So when the support person says "I'm generating an account reset email" and you don't get it, and it isn't in Trash, or Spam, and it never arrives, it is entirely possible that your email account is being blocked by Salesforce and the most important email you need is just ... dropped on the floor, with no notification to the staff you talk to. Of course support then thinks you are an idiot who cannot search Spam or refuses to believe the email never arrived. Or, worse, suspects you are not who you say you are.
Now it so happens that EA (EA.com) also has this software vulnerability, and at first I thought I was going to be unable to get an account restoration out of them as well, but they stumbled into a solution. One key is that the support agents do not use Salesforce, or the same Salesforce setup, to send the "is this you?" verification emails. So in talking to support, one is able to prove ownership of the named email address that Salesforce may have blocked (they generate a code and you read it back). The other way is that the support agents are empowered to add a secondary email to an account (after identification), and with that secondary, clean email, account access can then be self-granted by normal forgot-password procedures.
As a result I am able to get back to my old EA account, which was created and linked to my PSN account, but I'm still unable to recover my PSN account because doing that requires convincing support that they have to find a Sony Salesforce administrator and get my email unblocked.
If a company wants to help customers recover their accounts with no edge cases, it is vital that whatever email method is used does not hide that it has NOT in fact emailed the customer.
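
A small model of that point, as an added example that is not from the original post or from any vendor's code: the send path writes a suppression hit into the agent's ticket and falls back to a read-back code over a second mail path, the way the EA flow is described above. `Channel`, `Ticket`, `send_reset` and `verify_readback` are hypothetical names, and the address is constructed sample data.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Channel:
    """Constructed stand-in for an outbound mail path; not a real provider API."""
    name: str
    suppressed: set = field(default_factory=set)   # the provider-side hot list
    delivered: list = field(default_factory=list)

    def send(self, address: str, body: str) -> str:
        # Report a suppression hit to the caller instead of dropping silently.
        if address.lower() in self.suppressed:
            return "suppressed"
        self.delivered.append((address.lower(), body))
        return "accepted"

@dataclass
class Ticket:
    """What the support agent sees while handling the recovery request."""
    log: list = field(default_factory=list)
    challenge: str = ""

def send_reset(ticket: Ticket, bulk: Channel, direct: Channel, address: str) -> str:
    """Try the normal reset mail; on a suppression hit, tell the agent and
    fall back to a read-back code sent over a path without that list."""
    status = bulk.send(address, "Password reset link: <placeholder>")
    ticket.log.append(f"{bulk.name}: {status} for {address}")
    if status == "accepted":
        return "reset-sent"
    ticket.challenge = secrets.token_hex(4)
    status = direct.send(address, f"Read this code to the agent: {ticket.challenge}")
    ticket.log.append(f"{direct.name}: {status} for {address}")
    return "challenge-sent" if status == "accepted" else "escalate"

def verify_readback(ticket: Ticket, spoken: str) -> bool:
    """Constant-time comparison of the code the customer reads back."""
    return bool(ticket.challenge) and hmac.compare_digest(ticket.challenge, spoken.strip())

def demo() -> tuple:
    # Constructed sample data: an old address the bulk platform has suppressed.
    bulk = Channel("bulk-platform", suppressed={"old@example.org"})
    direct = Channel("support-mailer")
    ticket = Ticket()
    result = send_reset(ticket, bulk, direct, "old@example.org")
    code = direct.delivered[-1][1].rsplit(" ", 1)[-1]
    return result, verify_readback(ticket, code), ticket.log

if __name__ == "__main__":
    print(demo())
```

The ticket log is the part that matters: the agent sees "suppressed" for the first path rather than assuming the customer failed to check Spam.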