Huge Security Flaw Allowed Apple ID Passwords To Be Reset with Email Address and DOB

News Posted: Sun, Mar 24 2013 2:22 PM

If there's one thing that goes hand-in-hand with technology, it's security flaws. Rarely, though, are such flaws actual features, such as one Apple just had to rush to patch up. Late last week, the company rolled out two-step verification, where a PIN code sent to your mobile phone could be used in conjunction with a regular password to amp up the level of security on your account. This is a great move, and one that I'd like to see more companies adopt. However, with this new feature came a ridiculous oversight.

If you knew someone who had an Apple account, and also happened to know their e-mail and date-of-birth, you had everything required to reset their account password. Yes, really. Those two bits of information are all that would have been needed to take over the account, which in turn could allow someone to discover the user's personal info, such as address, phone number and of course, purchase history. Almost surprisingly, there haven't yet been reports of anyone falling victim to this flaw, with Apple's super-quick action to thank.

While this flaw was discovered and subsequently patched quickly, the fact that the original implementation made it through to begin with is mind-boggling. Someone had to design the mechanism, completely overlooking the fatal flaw, and then others would review it and likewise overlook it. For a company with as many customers as it has, it seems a little foolish to let such a simple, yet major, issue like this creep out.

RiCoFrost replied on Sun, Mar 24 2013 6:49 PM

Not this again.... last time you can call up and change the password.

I think that's the 3rd major security stuff up regarding accounts in the last 6 months by Apple.
