Hacking an Apple ID is as simple as knowing a birthdate and email.
That’s what was reported this week, and even though Apple has corrected the security problem, it should still raise some eyebrows. The Verge initially reported that the Apple ID login system was compromised, allowing hackers to reset passwords with only an email address and birthdate. Those who diligently followed a two-step verification process the last time this happened weren’t affected by the hack.
From The Verge: “We’ve been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page. It’s a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.”
Nick Arnott at iMore reports that Apple restored its iForgot password page Friday afternoon.
“The vulnerability came at an interesting time, just a day after Apple began to roll out its two-step verification system. Users who had already enrolled in the new system seem to have been immune from the password reset vulnerability.”
Although the hole is patched up and secured now, it’s probably not a bad idea to enable the two-step security feature.
“Good to see Apple is on their A-game when it comes to exploits,” an iMore commenter posted.