On Tuesday, Apple ordered its telephone support staff to immediately cease AppleID password changes requests. The likely temporary change in procedure comes following the Wired reporter Mat Honan’s identity hack over the weekend, resulting in completely deleted MacBook, iPad, iPhone, and GMail accounts as a result of an attacker tricking an AppleCare rep into resetting Honan’s iCloud password, which started a chain of password reset procedures to access the next system, culminating in the reporter’s Twitter accounts.
An Apple employee told Wired that the phone support password procedure change would last at least 24 hours.
Wired was attempting to recreate the events of the weekend hack when the block was discovered. The attempt failed, and the phone representative said that the company was undergoing “maintenance upgrades” that prevented password resets over the phone. The phone support technician directed all password reset requests to iforgot.apple.com. In a telephone conversation with support supervisors MacNN has discovered that the final identity verification procedure after the expiration of the temporary ban on phone password resets was “in discussion” at the executive level of Apple support.
Honan said he has confirmed with both Apple and the hacker that victimized him that his iCloud account was compromised by a “social engineering” trick with AppleCare. The hacker managed to get an AppleCare support staffer to skip security questions by providing information from Amazon, and then reset Honan’s password, giving the hacker complete access to anything tied to Honan’s iCloud account or email address. This included not only personal and Gizmodo Twitter accounts, but also Honan’s GMail account, which was completely deleted.
The Find My iPhone app in the iOS sports a device erase feature and was used to perform remote wipes of Honan’s Mac, iPhone, and iPad following iCloud seizure by the hacker. Apple admits to a failure to follow normal support procedures and rules which resulted in the hack.
