Apple and Amazon Act QUICKLY to Fix This Security GAP
Apple (NASDAQ:AAPL) and Amazon (NASDAQ:AMZN) are changing their security policies after hackers targeted and successfully broke into several personal accounts of a journalist. Apple has stopped processing AppleID password changes requests over the phone with immediate effect after the targeted hacking of Wired reporter Mat Honan. According to a company representative, passwords can now only be changed through the iforgot.apple.com website. An Apple employee told Wired the new rule would last at least 24 hours, giving the company time to plan a more permanent change in its security policies.
Don’t Miss: How Many NEW iPhones Will Apple Sell?
Amazon, which also gave away important details from Honan’s account to the hackers, said it no longer supports changing account settings over the phone. Previously, Amazon gave anyone who could provide the name, e-mail address, and mailing address of a customer complete control of the account.
Hackers targeting Honan were able to reset his AppleID password over the phone and gained access to his iCloud account by supplying AppleCare representatives with a name, e-mail address, mailing address, and the last four digits of his credit card number. They received the last four digits of his credit card from Amazon. They then wiped out all data from Honan’s iPhone, iPad, and MacBook and managed to get into his .Me email account, his Google (NASDAQ:GOOG) account, and his Twitter account.
Honan explained the loophole in the two companies’ security policies: “The very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”
In a statement issued on Monday, Apple had said it “found that our own internal policies were not followed completely” by representatives when the hacking took place.
Don’t Miss: Will Amazon Deliver a Revolution in Shipping?