Apple halts over-the-phone password reset after iCloud hack
Apple has reportedly stopped resetting passwords over the phone, following a devastating iCloud hack.
Apple appears to have halted over-the-phone password resets, following aon the company's iCloud services.
The iPad-maker has ordered its support staff to stop resetting lost passwords over the phone, Wired reports. The move that will supposedly last at least 24 hours as Apple scrambles to review its security policies, after journalist Mat Honan saw his account compromised and his gadgets remotely wiped.
Hackers used a security flaw on Amazon to nab the last four digits of Honan's card, which -- along with an email address and billing address -- was all that was required to get access to his iCloud account over the phone.
Apple said that its "internal policies were not followed completely" in the wake of the security breach, andthat it was "reviewing all of our processes for resetting account passwords to ensure our customers' data is protected."
I wouldn't be surprised if a new security policy was put in place, though we'll have to wait and see what a revised system would look like. Wired reports that an earlier attempt to change a password over the phone saw an Apple rep reply that a serial number for a device linked to the Apple account in question was also required, which seems like a sensible security step to me.
Amazon meanwhile has enforced similar security changes, making it no longer possible to tinker with accounts and do things like changing credit cards or email addresses over the phone.
Apple will need to respond quickly and sensibly to this breach if it wants to maintain customer confidence. For now, you can make yourself more secure online by turning on two-step verification on Gmail or Facebook. On Facebook click Account Settings, then the Security tab, and tick the box marked 'Login Approvals'.
Do you feel safe when cruising the Interweb? Are your personal security measures up to scratch? Tell me in the comments or on our Facebook wall.