Apple has announced that it is temporarily changing the way its users can reset their Apple ID passwords, following the notable hacking of a prominent tech journalist.
Until further notice, Apple users will only be able to reset their passwords online and not over the telephone with an AppleCare specialist; the company is apparently working on a more secure telephone password reset method, and until that method is complete, password resets will be online-only, through the company's iForgot service. The shift in policy comes after two teenage hackers infiltrated the Apple, Twitter and Gmail accounts of Wired writer Mat Honan, posting offensive comments to his Twitter and wiping clean the writer's MacBook Air, iPhone and iPad.
In a lengthy narrative on Wired, Honan revealed that the hackers were able to gain access to his accounts and hardware by impersonating him on a phone call with Apple customer service and, using personal information about Honan they had found online and through a loophole in Amazon's security system, convincing the AppleCare representative to reset his password. Having accomplished that, the hackers were able to broadcast racist, homophobic tweets on Honan's Twitter and generally lay waste to Honan's digital life.
On Tuesday Amazon apparently patched the flaw that allowed hackers to trick the AppleCare specialist in the first place. Apple had initially blamed the lapse on a breach in company protocol, but now the company is making wholesale changes to the password reset process.
We’ve temporarily suspended the ability to reset Apple ID passwords over the phone. We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com). This system can reset a password in one of two ways—either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over-the-phone password resets, customers will be required to provide even stronger identity verification to reset their password.
You can read more about the "epic hack" that led to the temporary policy change on Wired; and remember, if you need to change the password on your Apple ID, you'll need to visit iforgot.apple.com.