Apple Temporarily Halts Over-the-Phone iCloud Password Resets [Updated]
The move is a response to the experience of Wired reporter Mat Honan, whose iCloud account was hacked, resulting in the remote wipe of his iPhone, iPad and MacBook Air.
An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any. Wired was able to confirm the policy change by calling Apple Support and attempting to reset the password on an iCloud account.
Meanwhile, Amazon has also changed its policy in the wake of the hacking report. Amazon no longer allows people to call in and change their credit card or email address settings. Hackers had taken advantage of Amazon's policies to expose the last four digits of Honan's credit card, which were then used to take over his iCloud account.
Update: Apple has issued a statement to Wired confirming the suspension of password resets over the phone and promising greater security once the functionality is restored.
“We’ve temporarily suspended the ability to reset AppleID passwords over the phone,” Apple spokesperson Natalie Kerris told Wired via email. “We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com).
“This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identity verification to reset their password.”