Yesterday, we reported on Apple’s response to Mat Honan’s “epic” AppleID, Amazon, and Twitter account hack. Basically, the company released a statement to Wired saying that the company would investigate the issue fully, as well as noting that its “own internal policies were not followed completely.”
Today, according to Wired, Apple ordered support staff to stop processing AppleID password changes over the phone. Wired claims that an Apple worker with knowledge of the situation, who required anonymity, told them that the freeze was planned for at least 24 hours. This same worker speculated that Apple put the hold in place to give itself time to figure out what to change and how to do so.
Essentially, the hackers were able to call Apple and reset the password for Honan’s AppleID over the phone, knowing only his name, his email address, his mailing address, and the last four digits of a credit card number linked to his AppleID. All of these are fairly easy to find on the web or, in the case of the last four digits of a credit card number, to obtain from Amazon.
Amazon also tightened security, closing its own security holes, which had been exploited in the current case.
Once the hackers had Honan’s AppleID, they were able to remotely wipe his iPhone, iPad, and MacBook, and to get into Honan’s .Me email account, which in turn gave them access to his Google account and to his (and Gizmodo’s) Twitter accounts. Honan believes the Twitter accounts to be the main reason the accounts were hacked in the first place.
Ultimately, the lesson to learn here is about the security practices we all have. To keep things as safe as possible, it’s up to us personally not to interlink accounts and to lessen the reliance we have on one login account, whether it be Google, Facebook, or Apple.
- Source Wired