Apple is working on a security vulnerability in its cloud services. The flaw could allow malicious users to reset Apple ID and passwords, according to The Verge.
Apple is working on the problem and has taken down the iForgot website in the meantime.
It didn’t take a lot to reset passwords – just an ID and a birthdate.
“Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix,” Apple told The Verge in a statement.
This comes a day after Apple rolled out a two-step process for verification for Apple ID and its iCloud accounts. (Although not all users were allowed to enable the two-step process immediately if information had been recently changed.)
The process would force users to verify IDs on a trusted device such as an iPad or iPhone belonging to the user.