Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth

The Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user's email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack.

Appleid

We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.

Out of concerns for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue.

Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.

The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.

Update 1:29 PM: Apple has taken its iForgot password reset system offline.

iforgot_offline
Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.

Popular Stories

apple tv 4k new orange

New Apple TV Expected Later This Year With These New Features

Saturday July 12, 2025 3:09 pm PDT by
A new Apple TV is expected to be released later this year, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the next Apple TV, according to rumors. Rumors Faster Wi-Fi Support The next Apple TV will be equipped with Apple's own combined Wi-Fi and Bluetooth chip, according to Bloomberg's Mark Gurman. He said the chip supports ...
iphone 16 pro ghost hand

5 Reasons to Skip This Year's iPhone 17 Pro

Thursday July 10, 2025 4:54 am PDT by
Apple will launch its new iPhone 17 series in two months, and the iPhone 17 Pro models are expected to get a new design for the rear casing and the camera area. But more significant changes to the lineup are not expected until next year, when the iPhone 18 models arrive. If you're thinking of trading in your iPhone for this year's latest, consider the following features rumored to be coming...
iPhone 17 Pro in Hand Feature Lowgo

iPhone 17 Pro Coming Soon With These 16 New Features

Friday July 11, 2025 12:40 pm PDT by
Apple's next-generation iPhone 17 Pro and iPhone 17 Pro Max are only two months away, and there are plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models. Latest Rumors These rumors surfaced in June and July:A redesigned Dynamic Island: It has been rumored that all iPhone 17 models will have a redesigned Dynamic Island interface — it might ...
Apple Watch Ultra 2 Complications

Apple Watch Ultra 3: What to Expect

Sunday July 13, 2025 10:30 am PDT by
The long wait for an Apple Watch Ultra 3 is nearly over, and a handful of new features and changes have been rumored for the device. Below, we recap what to expect from the Apple Watch Ultra 3:Satellite connectivity for sending and receiving text messages when Wi-Fi and cellular coverage is unavailable 5G support, up from LTE on the Apple Watch Ultra 2 Likely a wide-angle OLED display that ...
iphone 16 pro pro max

iPhone 17 Pro Models With BOE Displays Will Be Sold in China Only

Thursday July 10, 2025 11:59 pm PDT by
iPhone 17 Pro and iPhone 17 Pro Max models with displays made by BOE will be sold exclusively in China, according to a new report. Last week, it emerged that Chinese display manufacturer BOE was aggressively ramping up its OLED production capacity for future iPhone models as part of a plan to recapture a major role in Apple's supply chain. Now, tech news aggregator Jukan Choi reports...
top stories 2025 07 12

Top Stories: iPhone 17 Pro Rumors, iOS 26 Beta 3, and More

Saturday July 12, 2025 6:00 am PDT by
The iOS 26 public beta release is quickly approaching, while developers have recently gotten their hands on a third round of betas that has seen Apple continue to tweak features, design, and functionality. We're also continuing to hear rumors about the iPhone 17 lineup that is now just about right around the corner, while Apple's latest big-budget film appears to be taking off, so read on...

Top Rated Comments

billystlyes Avatar
161 months ago
Apple is just a horrible web services company. They've never done much right in the space.
Score: 33 Votes (Like | Disagree)
samcraig Avatar
161 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Score: 20 Votes (Like | Disagree)
TheGreenBastard Avatar
161 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yes, yes it is worse.
Score: 20 Votes (Like | Disagree)
krzyglue Avatar
161 months ago
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Seriously, it confounds me think how anyone could believe otherwise... This new hole is extremely disconcerting.
Score: 16 Votes (Like | Disagree)
nepalisherpa Avatar
161 months ago
I better activate the two-step verification then!
Score: 10 Votes (Like | Disagree)
samcraig Avatar
161 months ago
One involves a bug, a 'security hole' that will quickly be patched and shouldn't have existed.

The other involves a truly immoral company who track you without your knowledge.

Glad you understand how different the two things are.

Really? without your knowledge? When you sign up for their services - you accept their TOS.

And tracking you is different than exposing actual personal information. Unless you want to start spreading some FUD that Google exposes your PERSONAL information to 3rd parties.
Score: 9 Votes (Like | Disagree)