
Published on March 23rd, 2013 | by Gizmodo


How Apple’s Password-Reset Security Breach Worked

Yesterday, The Verge uncovered a security breach that allowed malicious users to reset Apple ID passwords with nothing but an email and the user’s birthday. Luckily, the process didn’t leak out in full before the whole thing was patched up, but iMore has since reproduced the hack step by step and is now sharing details on how the whole thing worked.


As iMore explains:

And while these URLs are supposed to be generated only after answering security questions, they could be effectively hacked together by performing a reset on your own password, collecting the data, and tweaking it just slightly for someone else’s account, thereby letting hackers skip straight from step 3 to step 5.

The security hole is all patched up now, and there’s no evidence to suggest it was ever exploited in the wild, but it’s always fascinating to see how these kinds of breaches work. And if you needed just one more reason to go turn on two-step verification, this ought to be it. Let’s hope it’s a long time before something like this pops up again. You can check out iMore to learn more about the specifics. [iMore]
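One way a reset flow can close off the step-skipping iMore describes, as an added example (not Apple's code and not from the original article): the final password-change step accepts only a server-issued proof that is bound to the account whose security questions were answered, so a proof collected from your own reset fails for anyone else's account. The function names, token layout, lifetime and in-memory nonce set are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # server-side secret, never sent to the client
PROOF_TTL = 600                       # seconds a proof stays valid (assumed value)
_used_nonces = set()                  # single-use tracking; a real service needs a shared store


def _mac(account_id, issued, nonce):
    # JSON-encode the fields so they cannot run together ambiguously.
    msg = json.dumps([account_id, issued, nonce]).encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_reset_proof(account_id, now=None):
    """Call only after account_id's security questions were answered correctly."""
    issued = int(time.time() if now is None else now)
    nonce = secrets.token_hex(16)
    return f"{issued}.{nonce}.{_mac(account_id, issued, nonce)}"


def verify_reset_proof(account_id, proof, now=None):
    """Gate for the final 'set new password' step; account_id is the reset target."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, nonce, tag = proof.split(".")
        issued = int(issued_s)
    except ValueError:
        return False  # malformed proof
    expected = _mac(account_id, issued, nonce)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False  # altered, or minted for a different account
    if not 0 <= now - issued <= PROOF_TTL:
        return False  # expired
    if nonce in _used_nonces:
        return False  # replay of an already-used proof
    _used_nonces.add(nonce)
    return True
```

The account identifier passed to verify_reset_proof must come from the request being served, never from a field inside the proof itself.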

This article was originally posted on Gizmodo.
