Apple Freezes All Phone Requests To Change AppleID Passwords

Apple Freezes All Phone Requests To Change AppleID Passwords

Use this, instead of a phone call, to reset your password for now.

Yesterday, we reported on Apple’s response to Mat Honan’s “epic” AppleID, Amazon, and Twitter account hack. Basically, the company released a statement to Wired saying that the company would investigate the issue fully, as well as noting that its “own internal policies were not followed completely.”

Today, according to Wired, Apple ordered support staff to stop processing AppleID password changes over the phone. Wired claims that an Apple worker with knowledge of the situation, who required anonymity, told them that the freeze was planned for at least 24 hours. This same worker speculated that Apple put the hold in place to give Apple time to figure out what to change and how to do so.

Essentially, the hackers were able to call Apple, reset the password for Honan’s AppleID over the phone, knowing only his name, his email address, mailing address, and the four digits of a credit card number linked to his AppleID, all of which are fairly easy to find on the web. Or, as in the case of the last four digits of a credit card number, from Amazon.

Amazon also tightened security, closing it’s own security holes, which had been exploited in the current case.

Once the hackers had Honan’s AppleID, they were able to remotely wipe his iPhone, iPad, and MacBook, and hop into Honan’s .Me email account, which then allowed access to his Google account, his (and Gizmodo’s) Twitter accounts – which Honan believes to be the main reason the accounts were hacked in the first place.

Apple is referring customers who need to reset their passwords to iforgot.apple.com or appleid.apple.com, the web-based system that wasn’t used in Honan’s hack last week.

Ultimately, the lesson to learn here is about security practices we all have. To keep things as safe as possible, it’s up to us personally to not interlink accounts, lessen the reliance we have on one login account, whether it be Google, Facebook, or Apple.

Related
  • testmail

    asd

  • testmail

    If it’s possessive it’s just “ITS” but if it’s a contraction it’s “IT’S”

  • Jonathan Ober

    Grammar police wheeeup wheeeeeoop der der der wooo wooo ern ern blip

  • Eduardo Bermudez-Garcia

    And to backup regularly… Remember. What’s incredible about all this is that a writer from Wired magazine does no backups. Not even using Time Macine.

About the author

Rob LeFebvreAnchorage, Alaska-based freelance writer and editor Rob LeFebvre is Cult of Mac's Culture Editor. He has contributed to various tech, gaming and iOS sites, including 148Apps, VentureBeat, and Paste Magazine. Feel free to find Rob on Twitter @roblef

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , , |