Apple and Amazon respond to account security concerns

This weekend, Wired's Mat Honan had his internet accounts hacked and iPhone, iPad, and Mac erased, thanks to his own linking of accounts, lack of two-factor authentication, and lack of backups -- but also because of severe problems with both Apple's and Amazon's online security policies and procedures. Basically, with an internet connection and a social engineering attack, anyone could get at least partially into anyone else's stuff.

Amazon was the first to respond, according to Wired's Nathan Olivarez-Giles:

On Tuesday, Amazon handed down to its customer service department a policy change that no longer allows people to call in and change account settings, such as credit cards or email addresses associated with its user accounts. Amazon officials weren’t available for comment on the security changes, but during phone calls to Amazon customer service on Tuesday, representatives told us that the changes were sent out this morning and put in place for “your security.”

And Apple followed up, again according to Wired:

Apple on Tuesday ordered its support staff to immediately stop processing AppleID password changes requested over the phone, following the identity hacking of Wired reporter Mat Honan over the weekend, according to Apple employees. An Apple worker with knowledge of the situation, speaking on condition of anonymity, told Wired that the over-the-phone password freeze would last at least 24 hours.

Both of these reactions sound like triage -- getting some pressure on the exploit to stop the bleeding so they have time to do a proper follow up and, hopefully, change their policies to something a lot more secure.

It sucks that this happened to Honan, but it's good both Amazon and Apple are taking action, and the attention needs to stay on them until a better solution is in place, and the idea of continually appraising and updating the policies going forward is embraced.

And while Apple and Amazon are in the hot seat this time, Google, Microsoft, Facebook, and ever other player large and small would do well to take this as a cautionary tale and examine and re-examine their own policies so they're not ever next.

You've all gone and set up two-factor Google verification, realistic back up strategies, and good, strong passwords for all your other accounts, right?

Source: Wired + Wired