Whenever Apple screws up, it usually leaves behind a blazing trail of fire that takes a while to extinguish. The company’s recent move to tighten up security for its users has actually caused an even bigger problem, which may leave many users with Apple IDs at risk.
Apple recently deployed a two-step verification security measure that was supposed to help prevent Apple ID and iCloud accounts from being hijacked. However, a known exploit is allowing hijackers to easily reset users’ passwords if they haven’t already enabled the new Apple verification measure. The exploit is purportedly so easy that it requires knowing only the user’s email address and date of birth (DOB).
The exploit involves copying and pasting a modified URL while entering the answer to the DOB security question on Apple’s iForgot page. People with Apple IDs and iCloud accounts are encouraged to enable the new Apple two-step verification, or else risk having their accounts hijacked. An even bigger problem, however, is that the new verification hasn’t been rolled out in all countries, and users outside of the US, UK, Australia, Ireland, and New Zealand will have to mitigate the problem via a very simple step:
Log in to your account and change the DOB to avoid dealing with unscrupulous hackers.