Apple and Amazon freeze all over-the-phone password changes while re-evaluating their security protocol
Earlier this week, it was reported by Wired that with just a name, email, and home address, hackers were able to gain access to reporter Mat Honan's Amazon.com account. While the thieves weren't able to ship items to themselves, they were able to learn the last four digits of Honan's credit card. That information was used to unlock an Apple account and a snowballing number of online profiles from there. Thankfully, according to a new Wired report, the major security loopholes have been closed at both companies — at least for now.
Under old Apple protocol, a hacker could easily obtain access to virtually all your online accounts with a quick Google search and one simple phone call to tech support. And once the bad guys get into your Apple account, they can wipe the contents of your hard drive and spy through your email. One hacker was able to use the trick to gain access to the official Gizmodo Twitter account, using it to send racist and homophobic messages to all its 400,000-plus followers.
These type of simple by-phone password resets have been suspended by Apple as the company reviews its security processes. So, for now, if you want to reset your password, you'll need to also provide a serial number for a Mac product you own — information that's a bit harder to come by on a discarded invoice. Amazon has likewise tightened its policy.
More from Tecca: