Apple suspends over-the-phone password resets

Following the incredible social engineering hack suffered by Wired's Mat Honan over the weekend, Apple's shut down the exploit by "ordering support staff to immediately stop processing AppleID password changes requested over the phone."

  1. It’s unfortunate, but this is classic Apple damage control mode. Deny that the problem exists while scrambling to fix it, fix it as quietly as possible, and pretend it never happened.

    Based on the number of ‘Apple forum thread about rev. A hardware issue just vanishes’ stories that have come up over time, the main exception in this case seems to be that a guy with some visibility got burned, which made the “deny” step fairly difficult. The ‘oh those wacky phone drones, not adhering to procedure’ line is fairly lame, even when true, and it has a certain odor clinging to its veracity…

    1. Deny the problem exists? I think stopping resets is an explicit admission. Would Apple’s behavior be somehow more responsible if they kept allowing people to exploit this crack until they have a full replacement system worked out?

      Exploit found in system.
      Step 1: Immediately disable whatever methods the exploit relies on
      Step 2: Now that there is no more ongoing damage, take some time to evaluate the situation and figure out what the hell to do next.

      This is classic responsible damage control. By all accounts Apple has been in communication with the people actually affected by the situation. They have shut down the exploit. They are now figuring out what to do next. This is basically the same as Amazon’s response to the same situation. I wish all companies responded as calmly and rationally to security breaches.

  2. Soon to be triumphantly replaced with iSecurity, whereby I gain custody of your firstborn child if I can guess what state you live in.