Yesterday Apple introduced a new system called two-step verification, having the role of increasing the security of users' Apple IDs. The system came exactly when it was supposed to, because today a vulnerability was made public which allows any person to steal one Apple ID only with a date of birth and an email address. Using a special url, anyone can trick Apple's old system and take control of anyone's Apple ID.
Everything is done through the old Apple ID password recovery system, and the vulnerability is not present in the new two-step verification, so if you have activated it, you can rest easy. The problem is that some users have been told that they can't activate this system, so if you don't have it active and you can't do it, you'd better change the date of birth set for your Apple ID, otherwise you might to be without an account in just a few minutes.
UPDATED: It seems that Apple has deleted the system through which Apple IDs can be recovered, all probably to solve problems before users are left without accounts.
