Apple ID password site back online after security issue

Posted: March 23, 2013 by Areeb Fazli in Technology

Apple has apparently fixed the security issue involving its Apple ID password-reset page, a vulnerability that had made it possible for hackers with a user’s e-mail address and birth date to reset the user’s password.

Apple said yesterday that it was aware of the issue and was preparing a fix. Meanwhile, the company had taken the “iForgot” reset page offline for maintenance. As of this writing, the page is back up, and various media outlets are reporting that they’ve confirmed the fix.

We have an e-mail out to Apple for official confirmation (though the reappearance of the page is certainly a good sign), and we’ll update this post when we hear back.

The security exploit made use of a special URL that got around the need to answer a security question. Apple had added the question step last April.

The exploit didn’t work on the accounts of users who had enabled two-step verification, which Apple introduced Thursday. That system does away with the security question in favor of sending a request for a four-digit PIN code to a cell phone. The user enters the PIN along with the typical password.

However, as reported by The Verge, a number of Apple ID holders were told they’d have to wait three days before they could enable the two-step verification setup. Also, at this point, the two-step system is available only in the U.S., Britain, Australia, Ireland, and New Zealand.

There are more than 500 million active Apple ID accounts, which are used for the company’s various stores and online services, including iCloud.

Source: CNET

Comments
  1. Hmm, it looks like your site ate my first comment (it was super long), so I guess I’ll just sum up what I submitted and say, I’m thoroughly enjoying your blog.

    I as well am an aspiring blog writer, but I’m still new to everything. Do you have any tips for novice blog writers? I’d really appreciate it.
