Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]

MacRumors

macrumors bot
Original poster
Apr 12, 2001
46,812
8,970





Wired reports that Apple has ordered its support staff to temporarily stop processing AppleID password changes over the phone.

The move is a response to the experience of Wired reporter Mat Honan who had his iCloud account hacked which resulted in the remote-wipe of his iPhone, iPad and MacBook Air.
An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any.
Wired was able to confirm the policy change by calling Apple Support and attempting to reset the password on an iCloud account.

Meanwhile, Amazon has also changed their policy in the wake of the hacking report. Amazon no longer allows people to call in and change their credit card or email address settings. Hackers had taken advantage of Amazon's policies in order to expose the last four digits of Honan's credit card which was then used to take over his iCloud account.

Update: Apple has issued a statement to Wired confirming the suspension of password resets over the phone and promising greater security once the functionality is restored.
"We've temporarily suspended the ability to reset AppleID passwords over the phone," Apple spokesperson Natalie Kerris told Wired via email. "We're asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).

"This system can reset a password in one of two ways - either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identify verification to reset their password."
Article Link: Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]
 

Kwill

macrumors 68000
Mar 10, 2003
1,595
1
Hello, I'm Tim Cook and I forgot my password. Give me access or you're fired. :rolleyes:
 

Tortri

macrumors 6502a
Aug 30, 2010
759
9
I found out amazon did this over a year ago, pointed it out to them and they did nothing. Now that word has gotten out... Ohh now we have to do something about it.

And because of this I use different passwords and two way authentication on anything important.

Thanks amazon.
 

KdParker

macrumors 601
Oct 1, 2010
4,793
992
Everywhere
Looks like there is some truth to the story. Plus not sure why you would want to call to have a password reset when you can just do it online.
 

koobcamuk

macrumors 68040
Oct 23, 2006
3,189
9
Good; it's a huge security flaw.

My advice to everyone, is to use at least TimeMachine, and to disable remote wipe of your macbook. It'd be more useful to use logmein or teamviewer.

Backup is the most important step.

Then backup.

Then backup the backup.
 

arian19

macrumors 6502
Jul 9, 2008
364
58
They should have targeted Tim Cooks account instead of the reporters... I'm sure he uses amazon.
 

ikramerica

macrumors 6502
Apr 10, 2009
386
358
Why would you turn off remote wipe? If you back up, you are safe. Remote wipe is a safety feature you should not turn off. Why?

Which is more likely...

1. Someone hacks into your iCloud and remote wipes your laptop. If backed up with Time Machine or a clone, result is a day to restore it. Your data is still secure.

2. Someone steals your laptops (or you lose it) and they access your files because even if you use passwords, they have unlimited access to the machine and can find ways around it and you can't remote wipe it because you have it turned off. Your data is insecure.

Not only is 2 more likely to happen as only a hacker with a vendetta would remote wipe your machine and alert you to their access to your account, but scenario 2 leaves you more exposed.
 

TeeJayEm

macrumors regular
Mar 28, 2008
104
0
I don't think this guy should get credit as being a hacker; social engineer is more accurate.
 

pwhitehead

macrumors 6502
Jul 19, 2011
338
99
new jersey
Apple pulls the O **** handle when their at fault that deals with a high profile person in the media; god for bid if its an issue with the average user.
 

Music_Producer

macrumors 68000
Sep 25, 2004
1,626
0
As a video editor, that was a description of my life.
As someone who values their family iphoto library the most, I am ultra paranoid - backups, double backups, put one hard drive in a fireproof safe, etc .I can't imagine how media people/IT folks deal with this.. what a headache.