A new report from The Verge claims that they’ve discovered a major new hole that allows attackers to easily reset your Apple ID password using your email address and date of birth. Yes, you read that right. The scary part is that it doesn’t take a genius to harvest these two pieces of information from Google and your social media accounts, or by analyzing your online identity.

This is a very dangerous problem, as attackers would be able to take over your account along with all your purchases, iTunes credits, email messages, contacts, your Photo Stream and pretty much any personal data residing in the Apple cloud.

Apple’s iForgot page went down “due to maintenance” shortly after the incident, presumably to prevent exploits until Apple plugs the security hole. Conveniently enough, the company just recently rolled out a new (and way overdue) two-step verification process to protect your Apple ID using not only your password, but also by tapping your trusted devices and a recovery key.

The Verge shares details:

The exploit involves pasting in a modified URL while answering the DOB security question on Apple’s iForgot page. It’s a process just about anyone could manage, and The Verge has confirmed the glaring security hole firsthand.

Thankfully, there is a fix for this problem: all you have to do is enable two-step verification. With it enabled, no one can exploit the password reset hole to hijack your account, because they will also need a code Apple sends to your trusted device(s) and/or a recovery key.

To enable two-step verification, go here.

Also make sure to check out Apple’s FAQ page, as it contains a lot of important information about this problem, so read it carefully.

Here are a few things worth keeping in mind.

Before adding any trusted devices, you should first register any iPhone, iPad or iPod touch you own by signing in to the Apple ExpressLane service. Click the Your Products section on the left and then the Manage Your Products link at the page bottom.

Finally, you will verify each of your trusted devices during the two-factor authentication process by typing in a four-digit code sent to each device as a standard notification. To be able to receive these codes, each of your trusted devices is required to have the Find My iPhone service enabled in Settings > iCloud.

Apple can also send you the code as a text message to any cell phone number in the United States, United Kingdom, Australia, Ireland, and New Zealand (additional countries will be added over time).

So be careful: you’ve been warned.
