A pretty awful exploit has been discovered that opens up Apple IDs to all kinds of wrongdoing. All someone needs is your email address and date of birth and, using Apple’s own tools, they can reset your password. A step-by-step tutorial is allegedly out there that discusses how to properly execute the hack, meaning anyone that wants to cause trouble can with the right info.
As part of Apple’s new two-step verification process, anyone who hasn’t yet enabled the new feature is open to the exploit. Unfortunately, there’s a three day wait period to actually enable two-step verification. Adding even more insult to injury, those waiting to enable the new security measure are still vulnerable.
Right now, the only way it sounds like to avoid the problem is to change your date of birth to something very obscure and random. Otherwise, if someone close to you knows your email and birthdate, they can seemingly change your password without much effort, and take complete control of your Apple ID.