Apple Axes Over the Phone iCloud Password Resets
Wired reporter, Mat Honan, had his digital social life wiped out when hackers took control of his various online accounts. His Google and Twitter accounts were taken over and his AppleID account was hijacked, leading to the erasure of all his data on his iPhone, iPad and MacBook.
And the hackers achieved all this via security loopholes in Apple's and Amazon's customer service systems. Anyone could gain control over an Amazon account as long as they provided the name, e-mail address and billing address of the account holder. And with that loophole, the hackers managed to obtain the last four digits of Honan's credit card. After which they proceeded to gain access to Honan's iCloud account by having Apple representatives "verifying" their identity and issuing a temporary password when the hackers provided that same credit card information.
After the news of the hacking broke, both Apple and Amazon have been quick to address the security flaws in their customer service systems. The Verge managed to contact some sources at Apple, and have found that Apple no longer accepts password reset requests over the phone. Similarly, Amazon has responded by disallowing any account changes over the phone as well.