Hack forces Apple and Amazon to change security policies

  @julpepitone August 8, 2012: 5:57 PM ET
icloud amazon hack

Apple and Amazon have changed their policies about letting users update account information over the phone, after hackers successfully exploited flaws in both systems to gain access to a journalist's online accounts.

Wired writer Mat Honan's harrowing story of having all his digital files trashed swept across the Internet this week. The most startling part of his tale: The hackers who took over his accounts did it by simply tricking customer service representatives, rather than launching a technical attack.

Apple and Amazon are working to close the loopholes exposed by the hack.

Apple (AAPL, Fortune 500) on Wednesday confirmed that it is temporarily disabling its customers' ability to reset an AppleID password over the phone. Instead, customers will have to use Apple's online "iForgot" system.

Apple representative Natalie Kerris said that the company doesn't have a specific timeframe for how long that "temporary" policy will be in place. When Apple restores the ability to call in for password resets, she said, users will have to provide "stronger" proof that they are who they say they are. She would not comment on specifics.

Amazon (AMZN, Fortune 500) told CNNMoney on Tuesday that "the reported exploit" was closed on Monday, the same day Honan's story ran in Wired. But what, exactly, has changed? Amazon declined to comment or answer further questions.

However, a separate Wired article posted Tuesday said that Amazon's customer service reps will no longer change account settings like credit cards or email addresses by phone.

Related story: How a lying 'social engineer' hacked Wal-Mart

The changes came too late for Honan, who lost all the data -- including photos of his baby daughter -- on his iPhone, iPad and MacBook. The hackers also deep-sixed Honan's Google (GOOG, Fortune 500) account, and posted racist and homophobic messages on his Twitter page.

While Honan blamed himself for not backing up his data and for "daisy-chaining" his accounts together, he condemned Apple and Amazon for making systems that could so easily be gamed -- especially when targeted together.

The problem is "endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices," Honan wrote. To top of page

Join the Conversation

Market indexes are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer LIBOR Warning: Neither BBA Enterprises Limited, nor the BBA LIBOR Contributor Banks, nor Reuters, can be held liable for any irregularity or inaccuracy of BBA LIBOR. Disclaimer. Morningstar: © 2014 Morningstar, Inc. All Rights Reserved. Disclaimer The Dow Jones IndexesSM are proprietary to and distributed by Dow Jones & Company, Inc. and have been licensed for use. All content of the Dow Jones IndexesSM © 2014 is proprietary to Dow Jones & Company, Inc. Chicago Mercantile Association. The market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. FactSet Research Systems Inc. 2014. All rights reserved. Most stock quote data provided by BATS.