Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth

The Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user's email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack.

Appleid

We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.

Out of concerns for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue.

Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.

The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.

Update 1:29 PM: Apple has taken its iForgot password reset system offline.

iforgot_offline
Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.

Popular Stories

iOS 18 Siri Integrated Feature

Report: These 10 New AI Features Are Coming in iOS 18

Sunday May 26, 2024 12:57 pm PDT by
iOS 18 and macOS 15 will offer an array of new AI features such as auto-generated emojis, suggested replies to emails and messages, and more, Bloomberg's Mark Gurman reports. A significant portion of Apple's Worldwide Developers Conference (WWDC) is expected to focus on AI features. Writing his latest "Power On" newsletter, Gurman explained that Apple's AI strategy emphasizes providing...
new best buy blue

Best Buy's Memorial Day Sale Has Record Low Prices on iPads, MacBooks, and Much More

Friday May 24, 2024 7:12 am PDT by
Best Buy today kicked off its Memorial Day weekend sale, and it has some of the best prices we've tracked in weeks on iPads and MacBooks. Specifically, you'll find record low prices on the 5th generation iPad Air, iPad mini 6, M2 MacBook Air, and M3 MacBook Pro. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment,...
iOS 18 WWDC 24 Feature 2

Gurman: iOS 18 Will Allow Users to Recolor App Icons and Place Them Anywhere

Sunday May 26, 2024 12:22 pm PDT by
Apple's iOS 18 update will introduce new features for further customizing the iPhone's home screen, according to Bloomberg's Mark Gurman. In the latest edition of his "Power On" newsletter, Gurman claimed that Apple will allow users to change the color of app icons in iOS 18. For example, "you can make all your social icons blue or finance-related ones green." This kind of home screen...
Apple iPhone 14 color lineup feature

Apple Now Selling Refurbished iPhone 14 Models

Friday May 24, 2024 11:15 am PDT by
Apple today added refurbished iPhone 14, iPhone 14 Plus, iPhone 14 Pro, and iPhone 14 Pro Max devices to its online store for refurbished products, offering the prior-generation iPhones at a discount for the first time since their 2022 launch. The iPhone 14 is available starting at $619, the iPhone 14 Pro is available starting at $759, and the iPhone 14 Pro Max is available starting at $849. ...
top stories 25may2024

Top Stories: iOS 17.5.1 Fixes Concerning Photos Bug, All-New iPhone 17 Model Rumored, and More

Saturday May 25, 2024 6:00 am PDT by
It's been quite a week of Apple news and rumors, ranging from a concerning bug with deleted photos reappearing on users' devices to hot rumors about a new high-end iPhone model for 2025 and a MacBook with a foldable screen coming as soon as 2026. Other news and rumors this week included fresh expectations for iOS 18 features and new headphones from Sonos to compete head-to-head with AirPods...

Top Rated Comments

billystlyes Avatar
146 months ago
Apple is just a horrible web services company. They've never done much right in the space.
Score: 33 Votes (Like | Disagree)
samcraig Avatar
146 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Score: 20 Votes (Like | Disagree)
TheGreenBastard Avatar
146 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yes, yes it is worse.
Score: 20 Votes (Like | Disagree)
krzyglue Avatar
146 months ago
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Seriously, it confounds me think how anyone could believe otherwise... This new hole is extremely disconcerting.
Score: 16 Votes (Like | Disagree)
nepalisherpa Avatar
146 months ago
I better activate the two-step verification then!
Score: 10 Votes (Like | Disagree)
samcraig Avatar
146 months ago
One involves a bug, a 'security hole' that will quickly be patched and shouldn't have existed.

The other involves a truly immoral company who track you without your knowledge.

Glad you understand how different the two things are.

Really? without your knowledge? When you sign up for their services - you accept their TOS.

And tracking you is different than exposing actual personal information. Unless you want to start spreading some FUD that Google exposes your PERSONAL information to 3rd parties.
Score: 9 Votes (Like | Disagree)