Apple is reportedly instituting a 24-hour freeze on over-the-phone iCloud password changes following the well-publicized hack of Wired writer Mat Honan’s account. The freeze is being used to buy management more time to figure out if and how to reform its security policies, reports Wired, citing an unnamed Apple employee. Others at Apple (who asked to remain anonymous) have reached out to us and confirmed similar details, and our own attempt at changing an iCloud password was rebuffed, with a support line rep confirming staff have been notified not to offer over-the-phone resets. The intrusion into Honan’s iCloud account (and subsequently his Google and Twitter accounts) was also made easier by a security loophole at Amazon, which announced its own plans to crack down earlier today.
Hackers were able to remotely wipe Honan’s MacBook Pro, iPad, and iPhone by first procuring the final four digits of his credit card number from Amazon, then using that same information (along with his name, email address, and billing address) to falsely authenticate Honan’s identity over the phone to Apple. This happened despite the person or people involved being unable to answer the security questions Honan had in place. Judging from the way Apple handled "antennagate," we’re expecting some kind of announcement from the company in the coming days.
Update: As noted in the text above, an Apple source as well as an AppleCare representative confirmed to us that employees have been advised to no longer offer iCloud password resets over the phone.