Over-the-phone AppleID resets, suspended
After the incident last week in which former Gizmodo employee Mat Honan’s Twitter, Gmail, and Apple accounts were compromised and his Mac and iPhone were remotely wiped, Apple has taken a step to silence the criticism.
An anonymous Apple employee acknowledged the existence of such a suspension and suggested that it will most definitely be a small look into the tighter customer verification that Apple is looking into deploying across its services.
On Tuesday, Amazon had also made it more
Since the incident, many sites have attempted to replicate similar results via an over-the-phone password reset, to great success. Like us, many sites and bloggers have noticed that as of yesterday, Apple has temporarily frozen the ability to reset passwords over the phone and has been prompting users to reset online.
These verification methods, which allowed impersonation of other customers’ accounts, seem to display a major flaw in the standards of our very free web, and have sparked much discussion and controversy.
Information such as addresses, phone numbers, and even the last 4 digits of one’s credit card can be easily found on the internet. In fact, social engineering via over-the-phone resets helps malicious users gain information that may not be critical to one company but serves as the primary verification standard for others.
No doubt we will see more startups attempt to solve this issue in the future, and perhaps the government will even attempt to regulate this area.