When Gizmodo alumnus and wonderful human Mat Honan got hacked, the point of entry for the hackers was through Amazon and Apple's lax security policies. Amazon immediately admitted its fault in the situation and updated its security policy accordingly. Apple? Well, Apple still doesn't know what to do yet.
You see, Apple isn't pointing the finger at itself and its wafer-thin security policies but accusing a rogue customer service rep of not following standard operating procedure when it came to Honan's hack.
If you remember, Honan's iCloud account was seized by the hackers when they offered up the last 4 digits of Honan's credit card to Apple as proof of their identity as Honan. But according to what Apple has been saying publicly, that isn't how Apple security policies work. Apple issued a statement saying "we found that our own internal policies were not followed completely." Basically, Apple claims Honan's hack shouldn't have happened like that. Um, Apple isn't telling the whole truth here.
A source inside Apple told Wired that "if the support representative who took the hacker's call issued a temporary password based on an Apple ID, billing address, and the last four digits of a credit card, she would have 'absolutely' been in compliance with Apple policy." Apple is publicly claiming one thing while internally doing something completely different. Whether it's arrogance or embarrassment over the situation doesn't matter; what's awful is having a company—one that holds so much of your personal data—dodge the issue in an attempt to save face as opposed to admitting fault and fixing the exploit.
Currently, Wired is reporting that Apple has ordered its support staff to "immediately stop processing AppleID password changes requested over the phone" for at least 24 hours. This freeze on password changes will give Apple some time to figure out what they need to do to fix the situation. Hopefully, Apple figures it out so this awful hack won't happen so easily again. [Wired]