Apple freezes over-the-phone password resets for 24 hours in response to hack

On August 8, 2012

You might have heard about how Wired reporter Mat Honan had his iCloud account hacked, which ultimately led to the total wipe of his iPhone, iPad and MacBook Air. Now, in response to this case, Apple has put a 24-hour hold on over-the-phone AppleID password change requests.

An anonymous source with Apple claims that the call-based password reset freeze will remain in effect for at least 24 hours, and speculated that the ban is meant to give Apple time to assess the situation, reports Wired. It also appears that Amazon has changed its security policies and will no longer allow over-the-phone account changes.

The hackers apparently used several tricks, taking advantage of Amazon’s credit card record-keeping system and Apple’s user authentication requirements, along with “social engineering”, to gain entry into Honan’s iCloud account.

On Monday, Apple released a statement saying it had found that its internal policies were not followed completely. However, it also added that since the policies require the person changing the password to provide an AppleID, physical address and last four credit card digits, and all of these were provided in the case mentioned above, the employee would have “absolutely” been operating within Apple’s instituted guidelines.