Robert_Charlton - 9:26 am on Mar 25, 2013 (gmt 0)
Apple ID accounts reportedly vulnerable to password reset hack, forgot password page taken offline for maintenance
(update 2: back)
Mar 22nd, 2013
Gaping security holes are a pretty terrifying thing, especially when they involve something as sensitive as your Apple ID. Sadly it seems that immediately after making the paranoid happy by instituting two-step authentication a pretty massive flaw in Cupertino's system was discovered and first reported by The Verge. Turns out you can reset any Apple ID password with nothing more than a person's email address and date of birth -- two pieces of information that are pretty easy to come across.
In my case, there was an email from Apple connected with this, a real Apple email, so I assume this was a genuine attempt to steal something from me, like my identity....
Your Apple ID (xxxxxxxxxxxx) was used to sign in to FaceTime on an iPhone 4 named "iPhone".
If you have not recently set up an iPhone with your Apple ID, then you should change your Apple ID password. Learn more.
What a colossal drag this was. I don't have an Apple ID, or I didn't think I did. Deciding I shouldn't ignore this, I used the "safe" way to try to reset my password, just in case. Guess I'll have a password now, and an Apple ID.
(If you're a PC owner as I am, and have ever put any piece of Apple software on your machine, you'll understand why I didn't want an Apple ID, and I didn't want Apple to have my email address. From back in August, though, this story was reported, so I wasn't taking any chances....
Account Hack, User Speaks Out: Lessons To Learn
Anyone have any idea what else I should check out?