Following up on the hacking of Mat Honan, which rocked the tech world yesterday (and prompted me to set up two-step authentication for Gmail), both Apple and Amazon have taken steps to block the avenues that allowed the hacks to happen in the first place.
Amazon will no longer allow people to change email addresses or add credit cards over the phone, and Apple has suspended over-the-phone Apple ID password resets. Both of these were primary vectors for the attack.
Apple’s move appears to be temporary while the company figures out where to go from here. For at least the next little while, you won’t be able to get another password over the phone, or, from the sound of it, they might want the serial number of a hardware device associated with the account.
I’m hoping that this increased discussion about security won’t stop here, and that many more companies adjust their policies appropriately. It’s one thing when a technology hole leads to a security breach, but a whole different problem when it’s social engineering — and one that you’d think would be easier to defend against.



