According to The Verge, someone discovered a way to take over Apple IDs using only the owner’s email address and date of birth.

This appears to be an error exposed when they enabled 2-factor authentication, but as soon as it went public Apple disabled the iForgot feature and locked all accounts down. This seems to be one of those annoying cases where someone decided to disclose something in the press instead of just reporting it and getting it fixed. That’s really damn dangerous when cloud services are involved.

I expect this to be resolved pretty quickly. Possibly before my bracket is blown to unrecoverable levels.

We’ll update as we learn more …