

Updated 4:36pm to include Apple’s comment.

A new vulnerability in Apple’s password reset system may allow hackers to change the passwords for your Apple accounts using only an email address, birthday, and a “modified URL,” according to the Verge.

“Apple takes customer privacy very seriously. We’re aware of this issue and working on a fix,” an Apple spokesperson told VentureBeat.

The spokesperson explained that while the company looks into the issue, it has taken down the “iForgot” feature that allows you to reset your password if you’ve forgotten it.

The details on the tactics used to change the passwords are murky. The Verge obtained step-by-step instructions, which reportedly include using the correct combination of your email and birth date, along with a link that tricks the system and avoids answering any security questions. While it does involve a small piece of personal information — your birthday — most people include this on their social profiles. It’s an easy find.

Thus far, we haven’t heard of anyone affected by this attack, and we have reached out to Apple for confirmation that the vulnerability exists and any future steps Apple is taking toward fixing it.

Yesterday, Apple announced that it added two-factor authentication to its iCloud and Apple ID logins. It seems that if you already enabled two-factor authentication, you’re safe from this attack.

Two-factor authentication is the process by which you receive a code — in Apple’s case, a code is sent by SMS or through the FindMyiPhone app — that you must provide along with your password. It’s sometimes seen as a barrier-to-entry, but two-factor really does put an extra obstacle between your data and anyone who is not you.

iPhone cracked image via Håkan Dahlström/Flickr

