Following the epic hack that we previously informed you of, Apple has now put a freeze on all over-the-phone password changes for at least 24 hours. This window will allow the company to work out whether new and improved security measures are required and, if so, to put them in place.
We told you Matt Honan’s story and how the journalist’s digital life was devastated. The hacker who created the havoc did so via some simple social engineering: he called Amazon, convinced them he was Matt Honan by providing information that was easily obtained (Matt Honan being a somewhat public personality himself), and gained access to the journalist’s Amazon account, after which he knew the last 4 digits of his credit card number. This information was then sufficient to convince an Apple employee of his identity and to have the iCloud password reset.
Following this disaster, Apple and Amazon have both had to review their security policies. Amazon has already fixed the massive security lapse that made the hack possible. As mentioned above, the hacker placed one simple phone call to Amazon and, after providing the name, email address, and home address of Matt Honan, gained access to the account. The company has since retired this policy; users can no longer change the email address or gain control over their Amazon accounts with a simple phone call and basic information.
Apple has so far only placed the freeze. What the company intends to do next remains unclear, and no official comment has been made either. A halt has been placed on all AppleID password resets by phone. Those who do need to reset their password are being referred to the websites iforgot.apple.com or appleid.apple.com. These web-based systems were not used in the hack of Honan’s account.
Whether Apple makes a change or not, this brings to attention the very real risk of getting hacked and losing all your documents and other data. Make sure all your accounts are as secure as they possibly can be. For instance, make sure you have two-step verification enabled for your Gmail account. Share your thoughts or simply stay updated via our Twitter and Facebook pages.