Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]

[MacRumors]

Wired reports that Apple has ordered its support staff to temporarily stop processing AppleID password changes over the phone.

The move is a response to the experience of Wired reporter Mat Honan who had his iCloud account hacked which resulted in the remote-wipe of his iPhone, iPad and MacBook Air.

An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any.

Wired was able to confirm the policy change by calling Apple Support and attempting to reset the password on an iCloud account.

Meanwhile, Amazon has also changed their policy in the wake of the hacking report. Amazon no longer allows people to call in and change their credit card or email address settings. Hackers had taken advantage of Amazon's policies in order to expose the last four digits of Honan's credit card which was then used to take over his iCloud account.

Update: Apple has issued a statement to Wired confirming the suspension of password resets over the phone and promising greater security once the functionality is restored.

"We've temporarily suspended the ability to reset AppleID passwords over the phone," Apple spokesperson Natalie Kerris told Wired via email. "We're asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).

"This system can reset a password in one of two ways - either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identify verification to reset their password."

Article Link: Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]

 

[SprodeBoy]

Good. Is doing things by calling someone even used anymore?

 

[gregwyattjr]

iCloud feels snappier.

 

[Kwill]

Hello, I'm Tim Cook and I forgot my password. Give me access or you're fired.

 

[GfPQqmcRKUvP]

Can we bring back downvotes? I like expressing my displeasure with certain posts.

 

[TheJae]

great more inconvenience if we do indeed lose our password....

 

[Tortri]

I found out amazon did this over a year ago, pointed it out to them and they did nothing. Now that word has gotten out... Ohh now we have to do something about it.

And because of this I use different passwords and two way authentication on anything important.

Thanks amazon.

 

[KdParker]

Looks like there is some truth to the story. Plus not sure why you would want to call to have a password reset when you can just do it online.

 

[SprodeBoy]

Can we bring back downvotes? I like expressing my displeasure with certain posts.

So I can downvote your comment. We all miss downvotes but asking for them to bring it back in a news post won't do anything. Are there contact us email options?

 

[koobcamuk]

Good; it's a huge security flaw.

My advice to everyone, is to use at least TimeMachine, and to disable remote wipe of your macbook. It'd be more useful to use logmein or teamviewer.

Backup is the most important step.

Then backup.

Then backup the backup.

 

[biscuitsxluv]

Well, set up a password you won't forget.

I think this is good.

 

[SprodeBoy]

Backup is the most important step.

Then backup.

Then backup the backup.

As a video editor, that was a description of my life.

 

[arian19]

They should have targeted Tim Cooks account instead of the reporters... I'm sure he uses amazon.

 

[k3roro]

Glad that both companies are so quick to act.

 

[AngerDanger]

Finally, that'll put an end to all this social engineering hacking!

 

[ikramerica]

Why would you turn off remote wipe? If you back up, you are safe. Remote wipe is a safety feature you should not turn off. Why?

Which is more likely...

1. Someone hacks into your iCloud and remote wipes your laptop. If backed up with Time Machine or a clone, result is a day to restore it. Your data is still secure.

2. Someone steals your laptops (or you lose it) and they access your files because even if you use passwords, they have unlimited access to the machine and can find ways around it and you can't remote wipe it because you have it turned off. Your data is insecure.

Not only is 2 more likely to happen as only a hacker with a vendetta would remote wipe your machine and alert you to their access to your account, but scenario 2 leaves you more exposed.

 

[jesselu10]

Probably no coincidence this support topic was updated today: http://support.apple.com/kb/TS3988

 

[koobcamuk]

As a video editor, that was a description of my life.

As someone writing a Post-doctoral Thesis, it was the story of my life... every ten minutes

 

[GenesisST]

I wish they would separate Find my iPhone/Mac from remove wipe. Unless I missed a setting somewhere...

 

[TeeJayEm]

I don't think this guy should get credit as being a hacker; social engineer is more accurate.

 

[scarred]

Then backup the backup.

Any advice on the best way to backup a time capsule?

 

[Gregintosh]

iCloud feels snappier.

Do you have the LG or the Samsung one? I am going to exchange mine.

 

[koolmagicguy]

Good. Is doing things by calling someone even used anymore?

Is English used even by you?

 

[pwhitehead]

Apple pulls the O **** handle when their at fault that deals with a high profile person in the media; god for bid if its an issue with the average user.

 

[Music_Producer]

As a video editor, that was a description of my life.

As someone who values their family iphoto library the most, I am ultra paranoid - backups, double backups, put one hard drive in a fireproof safe, etc .I can't imagine how media people/IT folks deal with this.. what a headache.