Security hole allows anyone to reset an Apple ID with email and DOB
Gaping security holes are a pretty terrifying thing, especially when they involve something as sensitive as your Apple ID. Sadly it seems that immediately after making the paranoid happy by instituting two-step authentication a pretty massive flaw in Cupertino's system was discovered and first reported by The Verge.
Turns out you can reset any Apple ID password with nothing more than a
person's email address and date of birth -- two pieces of information
that are pretty easy to come across.
There's a little more to the
hack, but it's simple enough that even your non-tech savvy aunt or
uncle could do it. After entering the target email address in the
password reset form you can then select to answer security questions to
validate your identity. The first task will be to enter a date of birth.
If you enter that correctly then paste a particular URL into the
address bar (which we will not be publishing for obvious reasons), press
enter, then -- voilà -- instant password reset! Or, at least that's the
story. While we were attempting to verify these claims Apple took down
the password reset page for "maintenance." Though we've received no
official confirmation from Apple, it seems the company is moving swiftly
to shut down this particularly troublesome workaround before word of it
spreads too far.
Comments
Post a Comment
What do you Think about This Article? Share Your Comments Here