Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth

The Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user's email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack.


We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.

Out of concern for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue.

Users who attempted to activate two-step verification but were put into a three-day waiting period are still vulnerable to the attack. Concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.

The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.

Update 1:29 PM: Apple has taken its iForgot password reset system offline.

Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.

Top Rated Comments

billystlyes
105 months ago
Apple is just a horrible web services company. They've never done much right in the space.
Score: 33 Votes
samcraig
105 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Score: 20 Votes
TheGreenBastard
105 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yes, yes it is worse.
Score: 20 Votes
krzyglue
105 months ago
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Seriously, it confounds me to think how anyone could believe otherwise... This new hole is extremely disconcerting.
Score: 16 Votes
nepalisherpa
105 months ago
I better activate the two-step verification then!
Score: 10 Votes
samcraig
105 months ago
One involves a bug, a 'security hole' that will quickly be patched and shouldn't have existed.

The other involves a truly immoral company who track you without your knowledge.

Glad you understand how different the two things are.

Really? without your knowledge? When you sign up for their services - you accept their TOS.

And tracking you is different than exposing actual personal information. Unless you want to start spreading some FUD that Google exposes your PERSONAL information to 3rd parties.
Score: 9 Votes
