When Gizmodo alumnus and wonderful human Mat Honan got hacked, the point of entry for the hackers was through Amazon and Apple’s lax security policies. Amazon immediately admitted its fault in the situation and updated its security policy accordingly. Apple? Well, Apple still doesn’t know what do yet.
Apple isn’t pointing the finger at itself — it’s accusing a rogue customer service rep of not following standard operating procedure when it came to Honan’s hack. If you remember, Honan’s iCloud account was seized by the hackers when they offered up Honan’s last four digits of his credit card as proof of identity to Apple. But, according to what Apple has been saying publicly, that isn’t how Apple security policies work. Apple issued a statement saying “we found that our own internal policies were not followed completely”. Basically, Apple claims Honan’s hack shouldn’t of happened like that.
However, a source inside Apple told Wired that “if the support representative who took the hacker’s call issued a temporary password based on an Apple ID, billing address, and the last four digits of a credit card, she would have ‘absolutely’ been in compliance with Apple policy.” Apple is publicly claiming one thing while internally doing something completely different. Whether its arrogance or embarrassment of the situation doesn’t matter, what’s awful is having a company dodge the issue in attempt to save face as opposed to admitting fault and fixing the exploit.
Currently, Wired is reporting that Apple has ordered its support staff to “immediately stop processing AppleID password changes requested over the phone” for at least 24 hours. This freeze on password changes will give Apple some time to figure out what they need to do to fix the situation. Hopefully, Apple figures it out so this awful hack won’t happen so easily again. [Wired]