A new vulnerability in Apple’s password reset system may allow hackers to change the passwords for you Apple accounts using only an email address, birthday, and a “modified URL,” according to the Verge.
“Apple takes customer privacy very seriously. We’re aware of this issue and working on a fix,” an Apple spokesperson told VentureBeat. The spokesperson explained that while the company looks into the issue, it has taken down the “iForgot” feature that allows you to reset your password if you’ve forgotten it.
Apple is introducing two-factor authentication for users of its iCloud and other services, adding an extra layer of protection against hackers trying to access peoples' accounts by requiring mobile phone verification for changes in personal details or online purchases.
As we become more connected and more reliant on the web, top-notch security becomes more and more important. While some services like Gmail offer two-step verification to ensure only you can access your account, not every service offers security that's as air-tight. This past weekend, Wired's Mat Honan revealed that he had been hacked. Actually, the hackers themselves revealed that fact when they took control of Honan's Twitter account but Honan later divulged just how bad the attack was.