Apple Freezes All Phone Requests To Change AppleID Passwords

By

Use this, instead of a phone call, to reset your password for now.
Use this, instead of a phone call, to reset your password for now.

Yesterday, we reported on Apple’s response to Mat Honan’s “epic” AppleID, Amazon, and Twitter account hack. Basically, the company released a statement to Wired saying that the company would investigate the issue fully, as well as noting that its “own internal policies were not followed completely.”

Today, according to Wired, Apple ordered support staff to stop processing AppleID password changes over the phone. Wired claims that an Apple worker with knowledge of the situation, who required anonymity, told them that the freeze was planned for at least 24 hours. This same worker speculated that Apple put the hold in place to give Apple time to figure out what to change and how to do so.

Essentially, the hackers were able to call Apple, reset the password for Honan’s AppleID over the phone, knowing only his name, his email address, mailing address, and the four digits of a credit card number linked to his AppleID, all of which are fairly easy to find on the web. Or, as in the case of the last four digits of a credit card number, from Amazon.

Amazon also tightened security, closing it’s own security holes, which had been exploited in the current case.

Once the hackers had Honan’s AppleID, they were able to remotely wipe his iPhone, iPad, and MacBook, and hop into Honan’s .Me email account, which then allowed access to his Google account, his (and Gizmodo’s) Twitter accounts – which Honan believes to be the main reason the accounts were hacked in the first place.

Apple is referring customers who need to reset their passwords to iforgot.apple.com or appleid.apple.com, the web-based system that wasn’t used in Honan’s hack last week.

Ultimately, the lesson to learn here is about security practices we all have. To keep things as safe as possible, it’s up to us personally to not interlink accounts, lessen the reliance we have on one login account, whether it be Google, Facebook, or Apple.

Source: Wired

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.