A few days back, Wired’s Mat Honan described a terrible incident in which his iCloud account was hacked and his Apple devices were remotely wiped. The hackers had exploited gaps in Apple’s and Amazon’s phone-based security systems to destroy the reporter’s digital life.
Wired reports that Apple has temporarily suspended the over-the-phone Apple ID password reset process to prevent more such hacks now that the method has become public.
Apple issued a statement to Wired noting the change in policy:
“We’ve temporarily suspended the ability to reset Apple ID passwords over the phone,” Apple spokesperson Natalie Kerris told Wired via email. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).
“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.”
Wired verified the change by giving AppleCare a call, during which they were told that telephonic Apple ID password resets are temporarily disabled.
The whole incident is pretty scary because it wasn’t just Honan’s online data that got destroyed, but also the local data stored on his MacBook and iPhone.
Wired reports that Amazon has also plugged the security hole in its phone-based system that contributed to the hacking of Honan’s account. The company’s policy change means you can no longer change email addresses or credit cards tied to your Amazon account via phone.