Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]

MacRumors · Aug 7, 2012, 08:07 PM

Wired reports that Apple has ordered its support staff to temporarily stop processing AppleID password changes over the phone.

The move is a response to the experience of Wired reporter Mat Honan who had his iCloud account hacked which resulted in the remote-wipe of his iPhone, iPad and MacBook Air.

Quote:

An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any.

Wired was able to confirm the policy change by calling Apple Support and attempting to reset the password on an iCloud account.

Meanwhile, Amazon has also changed their policy in the wake of the hacking report. Amazon no longer allows people to call in and change their credit card or email address settings. Hackers had taken advantage of Amazon's policies in order to expose the last four digits of Honan's credit card which was then used to take over his iCloud account.

Update: Apple has issued a statement to Wired confirming the suspension of password resets over the phone and promising greater security once the functionality is restored.

Quote:

"We've temporarily suspended the ability to reset AppleID passwords over the phone," Apple spokesperson Natalie Kerris told Wired via email. "We're asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).

"This system can reset a password in one of two ways - either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identify verification to reset their password."

Article Link: Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]

SprodeBoy · 08:12 PM

Good. Is doing things by calling someone even used anymore?

gregwyattjr · Aug 7, 2012, 08:10 PM

iCloud feels snappier.

Kwill · Aug 7, 2012, 08:11 PM

Hello, I'm Tim Cook and I forgot my password. Give me access or you're fired.

Badandy · Aug 7, 2012, 08:11 PM

Can we bring back downvotes? I like expressing my displeasure with certain posts.

TheJae · Aug 7, 2012, 08:12 PM

great more inconvenience if we do indeed lose our password....

Tortri · Aug 7, 2012, 08:12 PM

I found out amazon did this over a year ago, pointed it out to them and they did nothing. Now that word has gotten out... Ohh now we have to do something about it.

And because of this I use different passwords and two way authentication on anything important.

Thanks amazon.

KdParker · Aug 7, 2012, 08:12 PM

Looks like there is some truth to the story. Plus not sure why you would want to call to have a password reset when you can just do it online.

SprodeBoy · Aug 7, 2012, 08:13 PM

Quote:

Originally Posted by Badandy

Can we bring back downvotes? I like expressing my displeasure with certain posts.

So I can downvote your comment. We all miss downvotes but asking for them to bring it back in a news post won't do anything. Are there contact us email options?

koobcamuk · Aug 7, 2012, 08:15 PM

Good; it's a huge security flaw.

My advice to everyone, is to use at least TimeMachine, and to disable remote wipe of your macbook. It'd be more useful to use logmein or teamviewer.

Backup is the most important step.

Then backup.

Then backup the backup.

MacGurl111 · Aug 7, 2012, 08:15 PM

Well, set up a password you won't forget.

I think this is good.

SprodeBoy · Aug 7, 2012, 08:16 PM

Quote:

Originally Posted by koobcamuk

Backup is the most important step.

Then backup.

Then backup the backup.

As a video editor, that was a description of my life.

arian19 · Aug 7, 2012, 08:17 PM

They should have targeted Tim Cooks account instead of the reporters... I'm sure he uses amazon.

nerdpov · Aug 7, 2012, 08:23 PM

Glad that both companies are so quick to act.

Fresh Pie · Aug 7, 2012, 08:24 PM

Finally, that'll put an end to all this social engineering hacking!

ikramerica · Aug 7, 2012, 08:33 PM

Why would you turn off remote wipe? If you back up, you are safe. Remote wipe is a safety feature you should not turn off. Why?

Which is more likely...

1. Someone hacks into your iCloud and remote wipes your laptop. If backed up with Time Machine or a clone, result is a day to restore it. Your data is still secure.

2. Someone steals your laptops (or you lose it) and they access your files because even if you use passwords, they have unlimited access to the machine and can find ways around it and you can't remote wipe it because you have it turned off. Your data is insecure.

Not only is 2 more likely to happen as only a hacker with a vendetta would remote wipe your machine and alert you to their access to your account, but scenario 2 leaves you more exposed.

jesselu10 · Aug 7, 2012, 08:35 PM

Probably no coincidence this support topic was updated today: http://support.apple.com/kb/TS3988

koobcamuk · 10:10 PM

Quote:

Originally Posted by SprodeBoy

As a video editor, that was a description of my life.

As someone writing a Post-doctoral Thesis, it was the story of my life... every ten minutes

GenesisST · Aug 7, 2012, 08:36 PM

I wish they would separate Find my iPhone/Mac from remove wipe. Unless I missed a setting somewhere...

TeeJayEm · Aug 7, 2012, 08:41 PM

I don't think this guy should get credit as being a hacker; social engineer is more accurate.

scarred · Aug 7, 2012, 08:45 PM

Quote:

Originally Posted by koobcamuk

Then backup the backup.

Any advice on the best way to backup a time capsule?

Gregintosh · Aug 7, 2012, 08:46 PM

Quote:

Originally Posted by gregwyattjr

iCloud feels snappier.

Do you have the LG or the Samsung one?

I am going to exchange mine.

koolmagicguy · Aug 7, 2012, 08:50 PM

Quote:

Originally Posted by SprodeBoy

Good. Is doing things by calling someone even used anymore?

Is English used even by you?

pwhitehead · Aug 7, 2012, 08:58 PM

Apple pulls the O **** handle when their at fault that deals with a high profile person in the media; god for bid if its an issue with the average user.

Music_Producer · Aug 7, 2012, 09:07 PM

Quote:

Originally Posted by SprodeBoy

As a video editor, that was a description of my life.

As someone who values their family iphoto library the most, I am ultra paranoid - backups, double backups, put one hard drive in a fireproof safe, etc .I can't imagine how media people/IT folks deal with this.. what a headache.

Aug 7, 2012, 08:10 PM	#2
SprodeBoy macrumors member Join Date: Mar 2012 Location: Mankato, Minnesota	Good. Is doing things by calling someone even used anymore? Last edited by SprodeBoy; Aug 7, 2012 at 08:12 PM. Reason: Typo
	2

Aug 7, 2012, 08:11 PM	#4
Kwill macrumors 65816 Join Date: Mar 2003	Hello, I'm Tim Cook and I forgot my password. Give me access or you're fired. __________________ o ::::: • ∞ • :::::::: @ClinicalPosters
	7

Aug 7, 2012, 08:11 PM	#5
Badandy macrumors 68030 Join Date: Sep 2005 Location: Terminus	Can we bring back downvotes? I like expressing my displeasure with certain posts. __________________ 2012 13" Macbook Air: 1.8, 128 SSD, 8GB RAM iPhone 4S 32GB (Black)
	42

Aug 7, 2012, 08:12 PM	#6
TheJae macrumors member Join Date: Mar 2008 Location: HKG	great more inconvenience if we do indeed lose our password.... __________________ 15" MBP, 2.16 GHz, 2 GB RAM, 100 GB HD @ 7200rpm; 8 GB iPhone 1G; 60 GB iPod Video; 120 GB iPod Classic
	0

Aug 7, 2012, 08:12 PM	#8
KdParker macrumors 68000 Join Date: Oct 2010	Looks like there is some truth to the story. Plus not sure why you would want to call to have a password reset when you can just do it online. __________________ 16g iPhone5 Black ; 16g iPhone5 White; 15" retina - MBP 2.6 GHZ 16 RAM; iPad4 retina
	1

Aug 7, 2012, 08:10 PM	#3
gregwyattjr macrumors regular Join Date: Oct 2008	iCloud feels snappier.
	7

Aug 7, 2012, 08:12 PM	#7
Tortri macrumors 6502 Join Date: Aug 2010	I found out amazon did this over a year ago, pointed it out to them and they did nothing. Now that word has gotten out... Ohh now we have to do something about it. And because of this I use different passwords and two way authentication on anything important. Thanks amazon.
	1

Aug 7, 2012, 08:15 PM	#10
koobcamuk macrumors 68040 Join Date: Oct 2006	Good; it's a huge security flaw. My advice to everyone, is to use at least TimeMachine, and to disable remote wipe of your macbook. It'd be more useful to use logmein or teamviewer. Backup is the most important step. Then backup. Then backup the backup. __________________ Flickr® \| Life in Japan \| Backup your Mac, NOW!!
	6

Aug 7, 2012, 08:15 PM	#11
MacGurl111 macrumors 6502 Join Date: Feb 2010	Well, set up a password you won't forget. I think this is good. __________________ The reason we struggle with insecurity is because we compare our behind-the-scenes with everyone else's highlight reel. -Steve Furtick
	0

Aug 7, 2012, 08:17 PM	#13
arian19 macrumors regular Join Date: Jul 2008	They should have targeted Tim Cooks account instead of the reporters... I'm sure he uses amazon. __________________ Cool Starry Bra
	4

Aug 7, 2012, 08:23 PM	#14
nerdpov macrumors 6502 Join Date: Aug 2010	Glad that both companies are so quick to act. __________________ iPhone 5 MacBook Air 2011 11''
	2

Aug 7, 2012, 08:24 PM	#15
Fresh Pie macrumors 6502 Join Date: Dec 2008 Location: Vermontpelier	Finally, that'll put an end to all this social engineering hacking! __________________ Siri and I have the same approach
	2

Aug 7, 2012, 08:33 PM	#16
ikramerica macrumors member Join Date: Apr 2009	Why would you turn off remote wipe? If you back up, you are safe. Remote wipe is a safety feature you should not turn off. Why? Which is more likely... 1. Someone hacks into your iCloud and remote wipes your laptop. If backed up with Time Machine or a clone, result is a day to restore it. Your data is still secure. 2. Someone steals your laptops (or you lose it) and they access your files because even if you use passwords, they have unlimited access to the machine and can find ways around it and you can't remote wipe it because you have it turned off. Your data is insecure. Not only is 2 more likely to happen as only a hacker with a vendetta would remote wipe your machine and alert you to their access to your account, but scenario 2 leaves you more exposed.
	2

Aug 7, 2012, 08:35 PM	#17
jesselu10 macrumors newbie Join Date: Jun 2007	Probably no coincidence this support topic was updated today: http://support.apple.com/kb/TS3988
	0

Aug 7, 2012, 08:36 PM	#19
GenesisST macrumors 6502a Join Date: Jan 2006 Location: Where I live	I wish they would separate Find my iPhone/Mac from remove wipe. Unless I missed a setting somewhere... __________________ But it does me no injury for my neighbor to say he has an Android phone, an iPhone or no phone. It neither picks my pocket nor breaks my leg. - Thomas Jefferson
	0

Aug 7, 2012, 08:41 PM	#20
TeeJayEm macrumors regular Join Date: Mar 2008	I don't think this guy should get credit as being a hacker; social engineer is more accurate.
	1

Aug 7, 2012, 08:58 PM	#24
pwhitehead macrumors member Join Date: Jul 2011 Location: new jersey	Apple pulls the O **** handle when their at fault that deals with a high profile person in the media; god for bid if its an issue with the average user.
	1

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode