Hack forces Apple and Amazon to change security policies

icloud amazon hack

Apple and Amazon have changed their policies about letting users update account information over the phone, after hackers successfully exploited flaws in both systems to gain access to a journalist's online accounts.

Wired writer Mat Honan's harrowing story of having all his digital files trashed swept across the Internet this week. The most startling part of his tale: The hackers who took over his accounts did it by simply tricking customer service representatives, rather than launching a technical attack.

Apple and Amazon are working to close the loopholes exposed by the hack.

Apple (AAPL) on Wednesday confirmed that it is temporarily disabling its customers' ability to reset an AppleID password over the phone. Instead, customers will have to use Apple's online "iForgot" system.

Apple representative Natalie Kerris said that the company doesn't have a specific timeframe for how long that "temporary" policy will be in place. When Apple restores the ability to call in for password resets, she said, users will have to provide "stronger" proof that they are who they say they are. She would not comment on specifics.

Amazon (AMZN) told CNNMoney on Tuesday that "the reported exploit" was closed on Monday, the same day Honan's story ran in Wired. But what, exactly, has changed? Amazon declined to comment or answer further questions.

However, a separate Wired article posted Tuesday said that Amazon's customer service reps will no longer change account settings like credit cards or email addresses by phone.

Related story: How a lying 'social engineer' hacked Wal-Mart

The changes came too late for Honan, who lost all the data -- including photos of his baby daughter -- on his iPhone, iPad and MacBook. The hackers also deep-sixed Honan's Google (GOOG) account, and posted racist and homophobic messages on his Twitter page.

While Honan blamed himself for not backing up his data and for "daisy-chaining" his accounts together, he condemned Apple and Amazon for making systems that could so easily be gamed -- especially when targeted together.

The problem is "endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices," Honan wrote.

CNNMoney Sponsors