Amazon and Apple have taken serious steps today in response to news of how Mat Honan was hacked. The attack relied not on brute force but on social engineering: Apple and Amazon support staff were tricked into giving out various pieces of information and resetting some passwords. Amazon reacted first, and arguably more decisively, by enacting a new security policy that no longer allows users to change account settings (such as credit card information and email addresses) over the phone.
Apple has meanwhile enacted a 24-hour freeze on resetting account passwords over the phone whilst they review their security practices. When Wired then tried to reset an AppleID password through Apple support staff on the phone, the representative said “Right now, our system does not allow us to reset passwords. I don’t know why”.
An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any.