
Apple ID security hole allows simple hack with email address and DOB

A worrying new security hole allows for an Apple ID to be hacked, simply by knowing the user’s email address and date of birth.

The vulnerability affects all customers yet to upgrade to the two-step verification process, leaving those users’ accounts wide open to anyone who knows those not-exactly-hard-to-track-down pieces of basic data.

Tech blog The Verge claims it has been handed a step-by-step tutorial, which remains online (but unpublished by the tech media for obvious reasons) and allows the hack to be easily performed using Apple’s own password reset tools.

All unsanctioned parties have to do is enter the relevant email address into Apple’s password reset site before entering the user’s date of birth as an answer to the security question. If a modified URL is then pasted into the URL bar, the password can be easily reset. Scary.

The discovery of such a gaping security hole means that those yet to upgrade to Apple’s new two-step verification service should probably do so very soon indeed.

The new method requires any changes to an iTunes, Apple ID or iCloud account to be verified through a “trusted” device such as an iPhone or iPad, or through another smartphone number, and is much more secure.

The service is so far available only in the UK, US, Australia and New Zealand, and some users are reporting that the process is now taking three days to activate, leaving them vulnerable in the meantime.

If you’re worried, The Verge suggests going into your Apple ID account and changing your date of birth to throw potential intruders off the scent.

Via The Verge
