Basically, anyone with knowledge of your email address and date of birth could reset the password for your Apple ID. According to The Verge, the security flaw could be exploited by pasting a modified URL when answering the security question regarding date of birth on Apple’s iForgot page.
Apple later took the page down to prevent further exploitation of the flaw. The company also publicly acknowledged the issue and said that a fix was already underway. In a statement to The Verge, the company said, “Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.”
The issue has now been fixed, and the iForgot page is back online.
To minimize the risk of password compromise, it’s recommended that you enable two-step verification for your Apple ID. To learn more about the process, read our post about it here.