Following the hack against Wired reporter Mat Honan over the weekend, Apple has now ordered its support staff to stop processing AppleID password changes requested over the phone. The restriction is effective immediately. An Apple staffer "with knowledge of the situation" told Wired that the over-the-phone password freeze would last at least 24 hours.
The Apple employee, who agreed to speak under condition of anonymity, speculated that the current freeze was instated as a temporary solution until Apple figures out what security policies need to be changed, if any, to prevent further incidents. Apple's move follows similar measures taken by Amazon. On Tuesday, August 7, Amazon closed a hole in its customer service systems that allowed people to gain control of someone's Amazon account by simply providing the name, e-mail address and mailing address of the respective Amazon customer.
The hackers' plan was to break into Honan's Twitter account, so they first looked up his Twitter profile and guessed his Gmail address. Honan did not have two-factor authentication turned on, so the hackers were able to view his backup email address, which was also his AppleID.
The hackers needed the last four digits of Honan's credit card number in order to gain access to his AppleID. One of the hackers, known as Phobia, and his partner first called Amazon's support line to add a fake credit card to Honan's Amazon account, then called again claiming to have lost the account password. By providing the fake credit card number, Phobia was able to add a new email address to the account. That new email address, in turn, allowed him to view the last four digits of Honan's real credit card number.
With the credit card number and Honan's birth date (found with a Google search), the hackers obtained a temporary password from AppleID, and the rest is history. The hackers used the password from the AppleID account to access his Gmail account and Twitter feed. Honan managed to recover his account, but all his data was wiped using Apple's Find My Mac remote wipe feature. Afterward, Honan spoke with one of the hackers, who goes by the name "Phobia," and learned how the hack occurred. "You honestly can get into any email associated with Apple," Phobia told Honan in an email.
In the end, with some perseverance and some security flaws ready to be exploited, the hackers were able to accomplish what they wanted, i.e. "to publicize security exploits so companies will fix them." According to Honan, the hack would not have been possible if he had enabled two-factor authentication on his Gmail.
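The chain described above is really a dependency problem: each provider treats as a secret something another provider discloses. The added model below (not code from the article, Apple or Amazon; the service and attribute names are constructed for illustration) computes which accounts fall to a caller who starts from publicly findable facts, and shows which single control breaks the chain.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Service:
    name: str
    recovery_needs: frozenset   # attributes support accepts as proof of identity
    discloses: frozenset        # attributes learned once the account is controlled
    second_factor: bool = False # reset also needs a device the caller does not hold

# Constructed model of the chain in the article; attribute names are ours.
SERVICES = (
    Service("amazon", frozenset({"name", "email", "billing_address"}), frozenset({"card_last4"})),
    Service("appleid", frozenset({"appleid_address", "birth_date", "card_last4"}), frozenset({"appleid_mailbox"})),
    Service("gmail", frozenset({"email", "appleid_mailbox"}), frozenset({"gmail_mailbox"})),
    Service("twitter", frozenset({"gmail_mailbox"}), frozenset()),
)
# Facts the article says were findable without owning any account.
PUBLIC = frozenset({"name", "email", "billing_address", "birth_date", "appleid_address"})

def reachable_accounts(services, known):
    """Fixed point: take over any service whose recovery requirements are already
    known, add what it discloses, repeat until nothing new falls."""
    known, owned = set(known), set()
    progress = True
    while progress:
        progress = False
        for s in services:
            if s.name in owned or s.second_factor or not s.recovery_needs <= known:
                continue
            owned.add(s.name)
            known |= s.discloses
            progress = True
    return owned

def simulate(two_factor_on=()):
    """Accounts reachable from PUBLIC when the named services require a second factor."""
    hardened = [replace(s, second_factor=(s.name in two_factor_on)) for s in SERVICES]
    return reachable_accounts(hardened, PUBLIC)

if __name__ == "__main__":
    print("no 2FA anywhere:", sorted(simulate()))
    print("2FA on Gmail:   ", sorted(simulate({"gmail"})))
    print("2FA on Amazon:  ", sorted(simulate({"amazon"})))
```

Hardening Gmail stops the Twitter takeover, as Honan says, but the AppleID still falls; in this model only a second factor at Amazon removes the card digits the whole chain depends on.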
© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.