Security loophole leaves Apple IDs, passwords vulnerable to easy attack

apple logo shadow

If you haven’t already jumped on Apple’s new two-step verification system for protecting your Apple ID and iCloud, your account is at serious risk. A hole in the company’s security could let somebody change your password with just your email address and birthdate, The Verge reported. Unless you have already updated your ID to the stronger security system, you should log on as soon as possible to protect your account from hijacking. You can do so here

Adding fuel to the fire, some Apple IDs will not be able to switch to the two-step verification for three days. That may be the case for you if you’ve recently made any significant changes to your account information, according to Apple’s FAQ on the two-step system. The Verge recommended that those people who must postpone the security upgrade change their birthdate as a stopgap measure. To do so, log in to the Password and Security section of Apple’s account settings page. 

The security hole allows a hacker to paste a modified URL into the date of birth question on Apple’s iForgot page for resetting a forgotten or lost password. 

This isn’t the first time this year that Apple has been targeted with security problems. Just last month, the company acknowledged that it was hacked by people who also hit Facebook. Representatives from Apple said no data appeared to have left the company in that attack. The vulnerability should serve as a reminder that no tech security system has proven unbreakable. 

We assume (read “hope”) Apple is currently working on the issue, and we’ll update you when we know more.

Image via Brett Weinstein

Get our Top Stories delivered to your inbox: