Apple freezes AppleID password resets requested over the phone

Move comes after the hack of a Wired reporter's AppleID and Amazon accounts, leading to the loss of Gmail and Twitter accounts and multiple device wipes.

Steven Musil Night Editor / News

Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.

Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.

See full bio

Steven Musil

Aug. 7, 2012 6:45 p.m. PT

2 min read

Apple has reportedly stopped taking AppleID password resets requests over the phone, following the account hack of a technology reporter over the weekend.

An unnamed Apple employee told Wired that the ban would remain in effect for at least 24 hours and speculated that the freeze was instituted to give Apple more time to determine what security policy changes, if any, were necessary.

That information was apparently corroborated by an Apple customer representative who said Apple had halted all AppleID resets requested over the phone. The explanation came as Wired was attempting to replicate a hacker's exploitation of the Apple system that led to the led to identity theft of Wired's Mat Honan.

The replication attempt failed because of systemwide "maintenance updates" that prevented password resets over the phone, the representative told Wired, suggesting they call back in 24 hours or try changing the password themselves on the Web at iforgot.apple.com.

"Right now, our system does not allow us to reset passwords," an AppleCare employee told Wired. "I don't know why."

CNET has contacted Apple for comment and will update this report when we learn more.

Honan's online existence was compromised last week by a hacker who used his AppleCare and Amazon IDs, along with his billing address and last four digits of his credit card to take control of his various online accounts. In a blog post Friday, he said an AppleCare representative fell prey to some social engineering, leading to the sabotage of Honan's online life -- with his Google and Twitter accounts being deleted and his MacBook, iPad, and iPhone being wiped clean.

Saying that its "own internal policies were not followed completely," an Apple representative told Wired yesterday that the company was "reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."

Amazon responded yesterday by closing the same exploit in its own system, a company representative confirmed today.