First, Amazon.com changed its policy that allowed people to call customer support and change the email address associated with an Amazon.com account or add a credit card number as long as the caller could provide three relatively easy-to-find pieces of information: name, email address and billing address.
Next, Apple told its customer support personnel to immediately halt the processing of AppleID password changes requested over the phone. To be clear, though, that stoppage is only temporary, at least for now, with a CS rep telling Wired that the hold would last for at least 24 hours. He wasn't clear on the reason for the hold, but he speculated that the freeze was put in place so that Apple can consider what, if any, security policies needed to be changed on a permanent basis.
The full details of Honan's digital crisis are available here. Essentially, though, it was a cascading failure.
A hack into Honan's Amazon.com account using the "exploit" above resulted in a hack into his AppleID account using Apple's security hole, and that led to hack into Honan's Gmail account, but via valid means, not through an exploit.
From there, they took control of his Twitter account, which was their target. Along the way, though, they deleted his Gmail account, and wiped his iPad, iPhone and MacBook Pro (and he had foolishly not backed up the photos of the first 1-and-1/2 years of his daughter's life).