Gaping security holes are a pretty terrifying thing, especially when they involve something as sensitive as your Apple ID. Sadly it seems that immediately after making the paranoid happy by instituting two-step authentication a pretty massive flaw in Cupertino’s system was discovered. Turns out you can reset any Apple ID password with nothing more than a person’s email address and date of birth — two pieces of information that are pretty easy to come across. There’s a little more to the hack, but it’s simple enough that even your non-tech savvy aunt could do it. After entering the target email address in the password reset form you can then select to answer security questions to validate your identity. The first question should be to enter a date of birth. If you enter that correctly then paste in a particular URL (which we will not be publishing for obvious reasons) then — voilà — instant password reset! Or, at least that’s the story. While we were attempting to verify these claims Apple took down the password reset page for “maitenance.” Though we’ve received no official confirmation from Apple, it seems the company is moving swiftly to shut down this particularly troublesome workaround before word of it spreads too far.
Read more http://www.engadget.com/2013/03/22/apple-id-accounts-reportedly-vulnerable-to-password-reset-hack/
