A major security flaw was discovered Friday that makes it possible to easily change another user's Apple ID password and hijack the account.
Tech news site The Verge said it found the step-by-step tutorial online. The tutorial shows users how to use a modified Apple URL to gain access to someone else's Apple ID account and reset that person's password.
The Verge did not share the link to the tutorial out of security concerns, but it recommended that users enable Apple ID's two-step verification in order to protect their accounts. Two-step verification is an optional safeguard users can add that sends a new code to their phones each time they want to access their Apple account.
Unfortunately, though, some users are reporting that after they try to enable two-step verification they are getting messages saying that they must wait three days before the added safeguard starts working. The process is also only currently available to users in the U.S., U.K., Australia, Ireland and New Zealand. Users in other countries cannot use this process to protect their accounts.