Amazon and Apple have changed their policies regarding how customers can change account information over the phone following an identity theft attack on Wired journalist Mat Honan.
According to Wired, Apple froze the ability to reset passwords over the phone for at least 24 hours Tuesday, likely in response to Honan’s highly-publicized ordeal. The move followed a similar decision from Amazon to close a security loophole that allowed anyone to add a credit card number to an Amazon account by providing their name, e-mail address and mailing address.Honan, who used to work for Gizmodo, found Friday that his Apple, Amazon and Google accounts had been broken into and that his iPhone, iPad and MacBook had all been remotely wiped out. He also found someone was tweeting messages to his Twitter account as well as to Gizmodo’s Twitter account.
The people behind the attack were able to do all of this because they got a temporary password for Honan’s iCloud account. As Honan reported, strangers were able to convince an AppleCare representative to send them a password reset link without answering security questions because they had Honan’s name, e-mail address, mailing address and the last four digits of his on-file credit card. And once they were into Honan’s iCloud account, they were able to access several of his other accounts.
After the attack, Apple told Wired that it is reviewing all of its processes for resetting passwords and that it appeared the company’s own internal policies weren’t followed to the letter in this instance.
According to the latest Wired piece, reporters who were able to replicate the methods used in Honan’s attack earlier were stymied by the new precautions.
The attack has highlighted concerns not only about security measures at consumer technology companies, but has also become a cautionary tale for those moving their data to the cloud.
Honan has said that he blames himself for the attack, in part, because he didn’t back up his data. But, as GigaOm’s Derrick Harris pointed out, the breach has further lessons for the average consumer contemplating a move to the cloud.For one, Harris noted, moving data to the cloud — particularly one that’s tied to hardware — means that users are giving over a lot of trust to companies to safeguard their data.
This is a common complaint from cloud critics, who say that consumers are moving too quickly when it comes to relinquishing control of their own data to other companies. That’s exactly the sentiment that Apple co-founder Steve Wozniak expressed last week when he said that he expects there will be a lot of “horrible problems” with cloud computing in the future.
While society hammers out the thornier issues of cloud computing, there are some proactive steps you can take to make it more difficult to execute a wide breach of your digital accounts. (Hey, you might as well take control of what you can, right?)
Coming up with different passwords — either through a password manager or on your own — is one common suggestion.