New Apple flaw lets hackers change your Apple ID and iCloud passwords
A new vulnerability in Apple’s password reset system may allow hackers to change the passwords for you Apple accounts using only an email address, birthday, and a “modified URL,” according to the Verge.
“Apple takes customer privacy very seriously. We’re aware of this issue and working on a fix,” an Apple spokesperson told VentureBeat. The spokesperson explained that while the company looks into the issue, it has taken down the “iForgot” feature that allows you to reset your password if you’ve forgotten it.
The details on the tactics used to change the passwords are murky. The Verge obtained step-by-step instructions, which reportedly includes using the correct combination of your email and birth date, along with a link that tricks the system, and avoids answering any security questions. While it does involve a small piece of personal information — your birthday — most people include this on their social profiles. It’s an easy find.