After hackers turned the life of Wired's Mat Honan upside down, he did what any good reporter would do — he investigated the incident and broke down just how things went wrong. As a result of Honan's research, we learned that Apple and Amazon each have some security holes.
Both companies are seemingly working on setting things right. Amazon has plugged its hole and Apple has temporarily shut down a faulty process.
The trouble with Amazon was that folks who dialed up the online retailer's customer service line could gain control of a stranger's account as long as they knew that individual's name, email address and mailing address. This appears to no longer be the case, based on our own quick tests.
Apple's issue, that someone could reset an Apple ID (or iCloud ID) by phone with only minimal details about the account holder (a name, email address, mailing address and the last four digits of the person's credit card number), is not a problem at this very moment. When attempts are made to have an Apple representative reset a password over the phone, customers are being directed to Apple's password reset page.
My own attempts to reset an iCloud ID resulted in a rep telling me that "the reset option is currently undergoing maintenance" and that "they just tell us we're not supposed to [reset passwords over the phone] right now."
We have reached out to both Amazon and Apple to hear more about the changes they're making to their security procedures. Apple spokesperson Natalie Kerris gave us a statement which basically sums up what we've discovered so far:
We've temporarily suspended the ability to reset Apple ID passwords over the phone. We're asking customers who need to reset their password to continue to use our online iForgot system (iforgot.apple.com). This system can reset a password in one of two ways — either have a password reset sent to an alternate email address already on record or challenge the customer to answer security questions they had previously set up. When we resume over the phone password resets, customers will be required to provide even stronger identity verification to reset their password.
An Amazon spokesperson explained that the company has "investigated the reported exploit, and can confirm that the exploit has been closed as of Monday afternoon."
Want more tech news or interesting links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.