After hack, Apple, Amazon change password policy

Apple and Amazon wasted little time in responding to a Wired journalist’s scathing report about being hacked.

“Apple Inc. will strengthen the security procedures used for resetting AppleID passwords over the phone after a Wired journalist called attention to a breach involving his own account,” Bloomberg reported Wednesday morning.

“Until new procedures are put in place, users will not be able to reset their passwords over the phone, Apple said in an e-mailed statement.”

Amazon reacted as well.

“On Tuesday, Amazon handed down to its customer service department a policy change that no longer allows people to call in and change account settings, such as credit cards or email addresses associated with its user accounts,” Wired reported.

The Skinny wrote about the plight of Mat Honan on Tuesday. His identity had been erased in part due to hackers who gained access to his Apple accounts. 

“In the space of one hour, my entire digital life was destroyed,” he wrote this week.

“First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.”

Honan noted that ”Apple tech support gave the hackers access to my iCloud account. Amazon tech support gave them the ability to see a piece of information — a partial credit card number — that Apple used to release information. In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification. The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices.”

The Skinny’s report drew some interesting reaction.

One writer said he had forwarded the column to his company’s information technology team as a warning.

Meanwhile, two people commented online about their own “cloud computing” scares.

Anyone using the “cloud” should take security seriously.

Assume that NOTHING is safe.

Have backups on place.