When Wired journalist Mat Honan's online accounts were hacked last week, the domino effect that followed stirred up an industry debate on identity verification – and how easily these systems can be compromised.
After a hacker gained access to Honan's Amazon account, they were then able to break into his AppleID account, thus wiping clean his iPhone, iPad and MacBook and gaining access to his Twitter account.
It wasn't the fact that Honan was hacked that raised eyebrows, but rather the way it happened. Armed with a few bits of Honan's personal information, the hacker called Apple and Amazon support and was able to retrieve enough data to access his accounts.
In response to the occurrence and the subsequent attention in the media, Amazon changed its policy earlier this week. Now, customers can no longer call in to change account settings, such as linked credits cards or email addresses.
Apple also beefed up its security policy, temporarily suspending the option for users to reset AppleID passwords via their call centers. The measure is in place as Apple implements a more secure way to verify the identity of customers wishing to reset passwords.
In a blog post, Honan wrote about the vulnerability of Apple and Amazon's identity verification methods, and how they expose an underlying problem in the tech world.
“The disconnect exposes flaws in data management policies endemic to the entire technology industry, and points to a looming nightmare as we enter the era of cloud computing and connected devices,” Honan wrote.
Eduard Goodman, chief privacy officer at identity and data risk management firm Identity Theft 911, told SCMagazine.com that the hacking saga highlights the thin line between convenience and security along which companies often teeter.