Following the recent well-publicized hack of various online accounts belonging to Wired writer Mat Honan, Apple has reportedly taken the decision to suspend over-the-phone AppleID password changes for at least 24 hours while management at the Cupertino company examines what changes need to be made to its security policies.
Wired reported the news Tuesday evening after being informed by an Apple employee “with knowledge of the situation.”
Apple’s decision to suspend over-the-phone password changes while it reviews its security policies comes as e-commerce giant Amazon moved to change its security procedures, thereby preventing hackers with knowledge of an Amazon customer’s name, e-mail address and mailing address from taking control of their account.
Mat Honan had his entire digital life destroyed “in the space of one hour” over the weekend after hackers gained access to his AppleID, Google and Twitter accounts. They not only erased all the data contained on his iPhone, iPad and MacBook, but also posted racist and homophobic messages via his Twitter account.
In a piece describing his experience, Honan wrote that “in many ways, this was all my fault. My accounts were daisy-chained together.” But at the same time he said that what happened to him exposed “vital security flaws in several customer service systems, most notably Apple’s and Amazon’s.”
It was Apple tech support workers who, over the phone, unwittingly gave hackers access to Honan’s iCloud account. Amazon tech support had first revealed to the hackers four digits from Honan’s credit card, and the hackers then used those digits with Apple tech support to gain access to the iCloud account.
“In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification,” Honan wrote.
If reading about Honan’s experience sent a chill down your spine and got you thinking about the way you manage your own online security, you might want to check out this piece by DT’s Andrew Couts offering some ideas on how you can best manage multiple passwords, as well as this article by Geoff Duncan on ways to create a strong password.