LOS ANGELES (CBSLA.com) — A CNET report says Apple is aware of a special URL that allows a stranger to hijack your user account and reset your ID and password by simply knowing your birthday and email address.
The URL gets around the need to answer a security question — such as mother’s maiden name. That security measure was placed on all Apple products a year ago.
The possible glitch does not work on accounts with two-step verification enabled, which Apple recently introduced.
It also cannot bypass products that ask for a four-digit PIN.
“Apple takes customer privacy very seriously. We are aware of this issue and working on a fix,” said Trudy Muller, an Apple spokesperson.
Meanwhile, Apple has reportedly put password reset tools on maintenance mode.
This story comes to light as several high-profile stories involving hacking of celebrity accounts and the leaking of personal information — including First Lady Michelle Obama — have been made public.
The Verge, a tech news site, reported that it found a tutorial on how to hack someone’s Apple account online.
The LA Times.com said The Verge did not share the tutorial link and also encouraged Apple users to enable their two-step verification to better protect their accounts.