Stefan Mileschin

A hacker dubbed Phobia, has forced Apple and Amazon to change their policies after breaking into to a tech journalist's account.

According to Cnet, the hack involved looking up Matt Honan's Twitter and guessing his Gmail account. From there they were able to view his backup email address, which was also his AppleID.

The next thing they needed was the last four digits of Honan's credit card number. They got this through Amazon by calling its Amazon's support line and added a fake credit card account.

Then the hacker called Amazon again and claimed to have lost the account password. Phobia used the fake credit card number, and added a new email account which then allowed him to view the last four digits of Honan's credit card.

The hacker then called AppleID and used the credit card number as well as Honan's birthdate to get a temporary password.

It was all too easy, and has caused a bit of a problem for Amazon and Apple, which have been touting their various cloud systems as secure. Amazon has come up with the best policy. It has stopped allowing people to change their account settings via a phone call.

Apple is currently freezing all AppleID password requests made over the phone and is thinking up a new policy. But the question is what possessed anyone to think that using the last four digits of a credit card to verify someone's identity for such powerful services on linked devices passes for security.

Phobia said he wanted " to publicise security exploits, so companies will fix them". He seems to have managed that.

http://news.techeye.net/security/hac...urity-policies