Apple has temporarily plugged the security loophole that allowed Wired editor Mat Honan to be brutally hacked over the weekend. Honan’s hacker was able to reset Honan’s Apple ID password over the phone using the last four digits of Honan’s credit card number.
The hacker was then able to access Honan’s Twitter account and Gmail, and remotely wipe Honan’s iPad, iPhone, and MacBook. Apple has decided to suspend over-the-phone Apple ID resets, at least for the next day or so, according to Honan’s latest update on Wired.
The hacker was able to get Honan’s last four credit card digits from Amazon, which makes that information public. Amazon has reportedly closed that loophole too.
UPDATE: Apple just reached out to us with an official statement regarding its policy for resetting Apple ID passwords. The company confirms it has temporarily suspended over-the-phone password resets and encourages customers to change their passwords online.
Here’s the statement from Apple spokesperson Natalie Kerris:
We’ve temporarily suspended the ability to reset AppleID passwords over the phone. We’re asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com). This system can reset a password in one of two ways – either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identity verification to reset their password.