New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]

Wired reports that Apple has ordered its support staff to temporarily stop processing AppleID password changes over the phone.

The move is a response to the experience of Wired reporter Mat Honan who had his iCloud account hacked which resulted in the remote-wipe of his iPhone, iPad and MacBook Air.
An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any.
Wired was able to confirm the policy change by calling Apple Support and attempting to reset the password on an iCloud account.

Meanwhile, Amazon has also changed their policy in the wake of the hacking report. Amazon no longer allows people to call in and change their credit card or email address settings. Hackers had taken advantage of Amazon's policies in order to expose the last four digits of Honan's credit card which was then used to take over his iCloud account.

Update: Apple has issued a statement to Wired confirming the suspension of password resets over the phone and promising greater security once the functionality is restored.
“We’ve temporarily suspended the ability to reset AppleID passwords over the phone,” Apple spokesperson Natalie Kerris told Wired via email. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).

“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identify verification to reset their password.”

Top Rated Comments

(View all)

29 months ago
Can we bring back downvotes? I like expressing my displeasure with certain posts.
Rating: 42 Votes
29 months ago

great more inconvenience if we do indeed lose our password....


If people are careless enough to A) lose their passwords and B) forget the answers to their security questions, they deserve to be tremendously inconvenienced while they try to prove their identities. Why should everybody else's identities be more vulnerable because some people are stupid?
Rating: 8 Votes
29 months ago
iCloud feels snappier.
Rating: 7 Votes
29 months ago
Hello, I'm Tim Cook and I forgot my password. Give me access or you're fired. :rolleyes:
Rating: 7 Votes
29 months ago
Good; it's a huge security flaw.

My advice to everyone, is to use at least TimeMachine, and to disable remote wipe of your macbook. It'd be more useful to use logmein or teamviewer.

Backup is the most important step.

Then backup.

Then backup the backup.
Rating: 6 Votes
29 months ago



Backup is the most important step.

Then backup.

Then backup the backup.


As a video editor, that was a description of my life.
Rating: 5 Votes
29 months ago

Can we bring back downvotes? I like expressing my displeasure with certain posts.


So I can downvote your comment. We all miss downvotes but asking for them to bring it back in a news post won't do anything. Are there contact us email options?
Rating: 4 Votes
29 months ago
They should have targeted Tim Cooks account instead of the reporters... I'm sure he uses amazon.
Rating: 4 Votes
29 months ago

Good. Is doing things by calling someone even used anymore?


Is English used even by you?
Rating: 4 Votes
29 months ago

As a video editor, that was a description of my life.


As someone writing a Post-doctoral Thesis, it was the story of my life... every ten minutes ;)
Rating: 3 Votes

[ Read All Comments ]