Apple Really Doesn't Know How to Fix Its Massive Security Exploit


When Gizmodo alumnus and wonderful human Mat Honan got hacked, the point of entry for the hackers was through Amazon and Apple's lax security policies. Amazon immediately admitted its fault in the situation and updated its security policy accordingly. Apple? Well, Apple still doesn't know what to do yet.


You see, Apple isn't pointing the finger at itself and its wafer-thin security policies but accusing a rogue customer service rep of not following standard operating procedure when it came to Honan's hack.

If you remember, the hackers seized Honan's iCloud account by offering Apple the last 4 digits of Honan's credit card as proof that they were Honan. But according to what Apple has been saying publicly, that isn't how Apple security policies work. Apple issued a statement saying "we found that our own internal policies were not followed completely." Basically, Apple claims Honan's hack shouldn't have happened like that. Um, Apple isn't telling the whole truth here.

A source inside Apple told Wired that "if the support representative who took the hacker's call issued a temporary password based on an Apple ID, billing address, and the last four digits of a credit card, she would have 'absolutely' been in compliance with Apple policy." Apple is publicly claiming one thing while internally doing something completely different. Whether it's arrogance or embarrassment over the situation doesn't matter; what's awful is having a company—one that holds so much of your personal data—dodge the issue in an attempt to save face as opposed to admitting fault and fixing the exploit.

Currently, Wired is reporting that Apple has ordered its support staff to "immediately stop processing AppleID password changes requested over the phone" for at least 24 hours. This freeze on password changes will give Apple some time to figure out what they need to do to fix the situation. Hopefully, Apple figures it out so this awful hack won't happen so easily again. [Wired]

Image by olly/Shutterstock




One wonders how they got his Apple ID, billing address and last four digits of a credit card number that was associated with his account.

Lots of ways to prevent any of the above from falling in the wrong hands..

1. Don't use your email address as your Apple ID. Let them give you one of the .me/mac etc ones and just use it for that.

2. Billing address is a bit difficult, but adding "suite X" even if you don't have a suite X, making X different for each biller can mitigate some of this. The post office won't care, they will stuff it in your mailbox right along with the rest of the junk. (this is also a fun way to see who sells your info to whom)

3. Virtual cards .. Nothing like a 1 to 1 ratio of credit card numbers to vendors to stop you from getting massively boned because some site somewhere got broken into .. or your card was copied by the nice girl at the restaurant .. etc..