Apple Confirms Security Hole, Says it’s Working on a Fix

Earlier today, a major security hole was discovered in the way Apple handles password resets. The flaw let anyone reset your Apple ID password with your email address and date of birth.

The company had already taken its Forgot Password page down, and in a statement to The Verge, it says that a fix is in the works:

Apple has acknowledged the Apple ID reset exploit we reported on earlier today and is currently working to resolve the issue. In a statement to The Verge, the company said, “Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.”

The security hole affected a large portion of iTunes and iCloud users who didn’t enable two-step verification. By making a successful password reset request, a third party could gain access to your entire iCloud account, your iTunes content, and your devices as well, if Find My iPhone has been set up on them.

Apple is telling users to wait three days to enable two-step verification, so we recommend that you put a request into Apple’s system right away by logging in here and heading to the “Password and Security” section on the left.