Apple and Amazon are changing their security policies after hackers broke into a journalist’s personal accounts. The change comes following a hack into Wired reporter Mat Honan’s iCloud account, in which perpetrators wiped his iPad, Mac and iPhone.
Apple users can no longer reset their Apple ID passwords over the phone. Previously, an Apple ID password could be reset by providing the email address, billing address and the last four digits of the credit card associated with the account.
The hackers obtained the last four digits of Honan’s credit card number by breaking into his account on Amazon, which is now also tightening its security features. Amazon had required even less than Apple to change a password — only a user’s name, email address and mailing address. The hackers found the final digits of Honan’s credit card once they reset his Amazon password.
“Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information,” Honan wrote in a piece for Wired Friday.
Honan concisely summed up the loophole in the two companies’ security policies: “The very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”
Though Apple has yet to release an official policy revision, users could no longer change their passwords over the phone as of Tuesday.
“In this particular case, the customer’s data was compromised by a person who had acquired personal information about the customer,” spokesperson Natalie Kerris told Wired. “We are reviewing all of our processes for resetting account passwords to ensure our customers’ data is protected.”
How could this hack have been avoided? How do you think companies should tighten their security policies?