Following journalist Mat Honan's AppleID, Amazon, and Twitter account hacking incidents, Apple immediately took measures to rectify its internal policies and stopped processing AppleID password changes requested over the phone.
Apple released a statement to Wired saying that a full investigation of the incident will be conducted and has also acknowledged that its "own internal policies were not followed completely."
Wired, citing an anonymous Apple employee "with knowledge of the situation", reported that the Cupertino tech giant has blocked the over-the-phone password policy for at least 24 hours so that the company can determine the changes that are required to be introduced in the system.
Amazon also, reportedly, has taken a similar initiative to bring about security tightening in its customer service systems. The measure aims to stop illegitimatel access of private information including name, e-mail address, and mailing address of customers. Previously, the company's phone policy allowed hackers to use social engineering tricks to obtain information about customers.
The incident began with Mat Honan, a reporter for Wired magazine, losing his digital life when hackers took control of his Google, Gmail, and Twitter accounts taking assistance from Apple's customer support and changing his Apple ID password.
Apple employees "gave the hackers a temporary password into Honan's Apple ID, which the hackers used to wipe his iPhone, iPad and MacBook, and gain access to a number of email accounts as well as his Twitter account," Wired notes.
Honan not only lost his digital identity "in the space of one hour" but also precious photographs of his one-year old daughter.
While Honan accepted that "in many ways, this was all my fault. My accounts were daisy-chained together," he also mentioned that his unfortunate loss has also exposed the "vital security flaws in several customer service systems, most notably Apple's and Amazon's."
"In short, the very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification," Honan noted.
