Apple stops password resets after iCloud hack

AppleID password resets are suspended following the hack of journalist Mat Honan’s iCloud account

Apple has suspended AppleID password resets following the hack of journalist Mat Honan's iCloud account.

The company has told its support staff not to process password change requests that come in by phone. An Apple customer service representative told Wired that Apple was halting all AppleID password resets by phone.

According to the Wired source, the password freeze will last at least 24 hours while the company performs system-wide "maintenance updates".

It is still possible to change AppleID passwords at appleid.apple.com.

As we reported yesterday, Apple has admitted that its "internal policies were not followed completely" in the case that enabled hackers to access Honan's iCloud account.

According to Honan, the hackers called Apple, gave his name, address and the last four digits of his credit card (which they got from Amazon). Apple technical support reset his iCloud account and issued a temporary password.

Amazon has also made security changes following the hack. Previously it was possible for a hacker to access an account with just the name, email address, and mailing address of a customer. The changes have closed this loophole, reports suggest.

Follow Karen Haslam on Twitter / Follow MacworldUK on Twitter


Comments

Emmanuel


I think the phrase is a day late and a dollar short. It's nice to see they may have learned from their mistakes, but we all better. This is kind of a sad story, but I hope it serves as a kick in the pants that some companies and individuals need to kick this complacent attitude about authentication and passwords. An article I found posted on telesign.com mentioned some other good points about how we all need to be more proactive about our personal account security. Take a look: http://www.telesign.com/news-and-events/blog/5-easy-password-best-pratices-to-protect-yourself-from-a-hack
