Apple has acknowledged the Apple ID reset exploit we reported on earlier today and is currently working to resolve the issue. In a statement to The Verge, the company said, “Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.”
The security hole affected a large portion of iTunes and iCloud users who didn’t enable two-step verification. By making a successful password reset request, a third party could gain access to your entire iCloud account, iTunes content and your devices as well, if Find My iPhone has been setup on them.
Apple’s telling users to wait for three days to enable two-step verification, so we recommend you to put in a request into Apple’s system right away by logging in here and heading to the “Password and Security” section on the left.