After experiencing a gigantic daisy-chained hack, Mat Honan has been letting us know exactly what happened, how it happened and what the companies involved are doing to make sure it doesn’t happen to anyone else.
Apple has stepped up and is putting a 24-hour ban on calling Apple support to change your Apple ID password. You see, Honan’s hack involved some social engineering, meaning a hacker actually made phone calls and set up accounts pretending to be him.
Here’s what Wired reported on the ban:
Apple on Tuesday ordered its support staff to immediately stop processing AppleID password changes requested over the phone, following the identity hacking of Wired Reporter Mat Honan over the weekend, according to Apple employees.
An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours. The employee speculated that the freeze was put in place to give Apple more time to determine what security policies needed to be changed, if any.
While you can bet that Mat’s story got enough press to jar Apple, I’m not sure what the 24-hour ban will actually do in the long run. Perhaps this is just to give the company enough breathing room to re-think its current password reset practices. Either way, it’s nice to see Apple respond in some way.
What does Apple ask for to reset your password over the phone? Here’s what Mat dug up:
Also my source at Apple confirmed issuing password reset based on name, last 4 of CC, address, and AppleID was “absolutely” Apple policy
— Is this Mat Honan? (@mat) August 8, 2012
Honan will be posting an article about how he has pieced his “digital life” back together after losing basically…everything.