AppleCare and Amazon have temporarily made it impossible for consumers to reset their account passwords with tech support over the phone.
The move by the two companies comes in response to a case involving Wired journalist Mat Honan, whose iPad, iPhone and MacBook Air devices were all wiped at the weekend by a hacker who gained access to his iCloud account. The hacker also took control of Honan's Twitter feed and locked him out of his Gmail account.
The hacker, who subsequently identified themselves to Honan using the handle Phobia, claimed they used social engineering to procure his iCloud login details from AppleCare. Social engineering is a technique used by hackers to manipulate people into performing actions or divulging confidential information.
Phobia told Honan that he gained access to his iCloud account over the phone, first by obtaining his credit card details from Amazon's customer support, and then using those details to convince AppleCare that he was Honan.
In a Wired article that takes an in-depth look at Phobia's hacking strategy, Honan described how the hacker obtained the last four digits of his credit card from Amazon's customer support team by adding a new credit card to Honan's account. Once armed with this information, says Honan, Phobia contacted AppleCare and convinced them that he was the US tech journalist.
Both Amazon and Apple have moved to prevent any more individuals from exploiting this loophole in their security.
Wired Magazine reported that they'd spoken to an Apple customer service representative, who said Apple is halting all AppleID password resets by phone.
Amazon told CNET today: "We have investigated the reported exploit, and can confirm that the exploit has been closed as of yesterday afternoon."