On Friday, the Gizmodo Twitter account was briefly taken over by a hacker, via the account of a former Gizmodo staff member, Mat Honan. He claimed that the reason for his information getting in the hands of the hacker was " ... via Apple tech support and some clever social engineering that let them bypass security questions."
Now it appears that Apple is taking steps to make sure that sort of "social engineering" doesn't happen again. Wired.com reports, via unnamed Apple employees, that the company has temporarily suspended its support team members from handling any AppleID password requests that they receive over the phone. The sources claim that the suspension will last for at least 24 hours.
It's possible that Apple has put the brakes on password support via the phone to see if they need to make any changes to their security polities. People who need to have their passwords reset can still do so at iforgot.apple.com.
Honan's information was obtained over the phone by the hacker giving the Apple tech support member a name, an email address, a snail mail address and the last four digits of a credit card number that were linked to an AppleID. It's currently unknown how the hacker obtained this information. In addition to highjacking the Gizmodo Twitter account, the hacker also remotely deleted Honan's Gmail account, along with all of Honan's data from his various Apple products.
Source: Wired.com
11 Comments - Add comment