Apple ID Security Hole Allows Password Reset With Email Address and Date of Birth

The Verge is reporting that the Apple ID login system has been compromised and passwords can be reset using only the user's email address and date of birth. Users who have activated the new two-step verification process are not affected by the hack.

Appleid

We've been made aware of a step-by-step tutorial (which remains available as of this writing) that explains in detail how to take advantage of the vulnerability. The exploit involves pasting in a modified URL while answering the DOB security question on Apple's iForgot page. It's a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.

Out of concerns for user security, The Verge did not share any information about how to perform the hack, and Apple has not publicly commented on the issue.

Users who attempted to activate two-step verification but are put into a three-day waiting period are vulnerable to the attack, and concerned users can log into their Apple ID accounts and change their birthdate to something less easily guessed.

The two-step verification system for Apple ID accounts was introduced yesterday and is supposed to provide users with a login sequence that is nearly impossible to hack for someone without physical access to the user's devices.

Update 1:29 PM: Apple has taken its iForgot password reset system offline.

iforgot_offline
Update 8:48 PM: Apple's iForgot system is active once again, and iMore has confirmed that the issue has been fixed.

Popular Stories

Apple CarPlay Ultra instrument cluster themes 01

Apple's 'CarPlay Ultra' Experience Now Available

Thursday May 15, 2025 5:07 am PDT by
Apple today announced that its next-generation CarPlay experience, now dubbed "CarPlay Ultra" begins rolling out today, starting with Aston Martin vehicles. Subscribe to the MacRumors YouTube channel for more videos. CarPlay Ultra is now available with new Aston Martin vehicle orders in the U.S. and Canada. It will also be available for existing models that feature the brand's next-generation ...
Apple CarPlay Ultra instrument cluster themes 01

Apple's CarPlay Ultra Is Here – Does Your iPhone Support It?

Thursday May 15, 2025 5:17 am PDT by
Apple's recently announced CarPlay Ultra promises a deeply integrated in-car experience, but not all iPhone users will be able to take advantage of the new feature. According to Apple's press release, CarPlay Ultra requires an iPhone 12 or later running iOS 18.5 or later. This means if you're using an iPhone 11, iPhone XR, or any older model, you'll need to upgrade your device to access...
iOS 18

Apple Releases iOS 18.5 With New Wallpaper, Screen Time Changes, Carrier Satellite Support for iPhone 13 and More

Monday May 12, 2025 10:06 am PDT by
Apple today released iOS 18.5 and iPadOS 18.5, the fifth updates to the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.5 and iPadOS 18.5 come a little over a month after Apple released iOS 18.4 and iPadOS 18.4. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. The iOS 18.5 update has a...
iPhone 12 Made in India

Trump Tells Tim Cook to Stop Building iPhones in India

Thursday May 15, 2025 2:21 am PDT by
President Donald Trump has asked Apple CEO Tim Cook to halt the company's manufacturing expansion in India, in a potential disruption of Apple's plan to shift iPhone production away from China. "I had a little problem with Tim Cook yesterday," Trump said during his state visit to Qatar, according to Bloomberg. "He is building all over India." "They [India] have offered us a deal where...
CarPlay Ultra Climate Controls

Apple Says These Vehicle Brands Plan to Offer All-New CarPlay Ultra

Thursday May 15, 2025 8:13 am PDT by
Apple today announced the launch of CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. CarPlay Ultra features deep integration with a vehicle's instrument cluster and systems, built-in Radio and Climate apps, customizable widgets, and more. The interface is tailored to each vehicle model and automaker's identity, and drivers can also adjust...
apple music

Apple Music Gets New Transfer Tool to Make Switching From Spotify Easier

Wednesday May 14, 2025 5:17 pm PDT by
Apple this week introduced a new feature designed to allow prospective Apple Music users to import their saved music and playlists from third-party music services to Apple Music. The feature is either in an expanded testing phase or it has started rolling out, and it is available in Australia and New Zealand according to an Apple Support document. Signs of the transfer option first surfaced...
maxresdefault

Here's the First Real-World Look at Apple's CarPlay Ultra

Thursday May 15, 2025 5:52 am PDT by
The first videos of Apple's CarPlay Ultra experience are now available, providing a never-before-seen look at the long-anticipated iPhone-linked infotainment software. British automaker Aston Martin today shared the first video of Apple's CarPlay Ultra experience in-action, followed by a detailed walk-through of the CarPlay Ultra system on Top Gear's YouTube channel, which provides the...

Top Rated Comments

billystlyes Avatar
159 months ago
Apple is just a horrible web services company. They've never done much right in the space.
Score: 33 Votes (Like | Disagree)
samcraig Avatar
159 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Score: 20 Votes (Like | Disagree)
TheGreenBastard Avatar
159 months ago
Oh no, a bug in Apple's software. That's far worse than Google doing things like … oh, let's say … tracking you for marketing purposes. Glad you've got your priorities. :rolleyes:

Yes, yes it is worse.
Score: 20 Votes (Like | Disagree)
krzyglue Avatar
159 months ago
Yea. I would say it is far worse. One involves your financial information, address and potential identity theft.

The other involves targeting ads based on your searches.

Glad you understand how different the two things are.
Seriously, it confounds me think how anyone could believe otherwise... This new hole is extremely disconcerting.
Score: 16 Votes (Like | Disagree)
nepalisherpa Avatar
159 months ago
I better activate the two-step verification then!
Score: 10 Votes (Like | Disagree)
samcraig Avatar
159 months ago
One involves a bug, a 'security hole' that will quickly be patched and shouldn't have existed.

The other involves a truly immoral company who track you without your knowledge.

Glad you understand how different the two things are.

Really? without your knowledge? When you sign up for their services - you accept their TOS.

And tracking you is different than exposing actual personal information. Unless you want to start spreading some FUD that Google exposes your PERSONAL information to 3rd parties.
Score: 9 Votes (Like | Disagree)