Apple Fixes Security Flaw With Apple ID Password Reset
Apple has fixed a security flaw which allowed any Apple ID to be reset with just a date of birth, notes The Verge.
Earlier today Apple took down its iForgot page after we reported that it was possible to reset a user password with nothing more than an email address and date of birth. Apple has now brought the site back online after fixing the problem. iMore first reported that the exploit, which involved manipulating a URL, was no longer active. We have been able to confirm this in our own testing.
We still recommend for the maximum security that you enable the new two-step verification if it is available in your country.