As news of the August 5 iCloud account hack revealed security flaws in Apple's cloud storage services, the Cupertino technology giant has decided to freeze all Apple ID password reset requests over the phone, CNET has reported.
Apparently, Apple is also considering overhauling its security policy in order to prevent future attacks. Speaking to Wired, an Apple staff member requesting anonymity stated that the password change freeze may last at least 24 hours and added that the freeze may have been enforced to help Apple staff determine the key issues that need to be addressed in its security system.
The changes at Apple follow similarly stringent measures adopted by Amazon. On Tuesday the online retail giant launched a slew of security measures under which customers can no longer make changes to their accounts over the telephone. This move addresses a gap in its services through which hackers were able to gain control of an Amazon customer account when they knew the name, e-mail address and mailing address of their victim, Wired added.
Attempts by Wired's reporter to reset a password over the phone after the incident failed. An AppleCare representative said the company was going through system-wide "maintenance updates" that prevented anyone from resetting passwords over the phone. Further, the representative asked the Wired reporter to call after 24 hours and directed the user to iforgot.apple.com to change the Apple ID password on the web.
The adoption of new security measures for password reset requests follows the reported hacking of Wired reporter Mat Honan's iCloud account. After gaining access to iCloud through social engineering by posing as Honan, the hacker, identified as Phobia, recovered details of Mat Honan's email account and Apple ID.
Then, the hacker began to remotely wipe out data on Honan's iPad, iPhone and MacBook in an attempt to gain access to Honan's Twitter account.
The good news is that after the incident, Honan managed to recover his account, and some data comprising photos of his kids that were saved in his notebook. However, some of the vital data was lost permanently. With the new policy, Amazon and Apple can prevent another online exploit. But for complete security, CNET urges users to adopt two-factor authentication for cloud accounts to prevent a recurrence of such mishaps. Though it is a hassle, it provides safety against online threats.
PCWorld also advocates two-step verification, backing up sensitive data, keeping web registration private, enabling an account recovery email and introducing a firewall between sensitive accounts.
PCWorld goes on to emphasize that it is difficult to stop hackers in their tracks, but that adopting security measures like separate data storage devices and backups can minimize loss when disaster strikes.