Apple freezes AppleID password resets requested over the phone

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-13579_3-57488782-37/apple-freezes-appleid-password-resets-requested-over-the-phone/

By Steven Musil
CNET News
August 7, 2012

Apple has reportedly stopped taking AppleID password resets requests 
over the phone, following the account hack of a technology reporter over 
the weekend.

An unnamed Apple employee told Wired that the ban would remain in effect 
for at least 24 hours and speculated that the freeze was instituted to 
give Apple more time to determine what security policy changes, if any, 
were necessary.

That information was apparently corroborated by an Apple customer 
representative who said Apple had halted all AppleID resets requested 
over the phone. The explanation came as Wired was attempting to 
replicate a hacker's exploitation of the Apple's system that led to the 
led to identity theft of Wired's Mat Honan.

The replication attempt failed because of system-wide "maintenance 
updates" that prevented password resets over the phone, the 
representative told Wired, suggesting they call back in 24 hours or try 
changing the password themselves on the Web at iforgot.apple.com.

[...]