The new Apple ID password reset issue is plaguing iPhone, iPad and MacBook users

I woke up early this morning, and like millions of people, the first thing I did was check my iPhone for messages, weather reports, and news. Unlike any other day, I found myself signed out of my Apple ID and not only asked to enter my password again, but to change it to a new one. Looks like I'm not alone.

although Apple System Status page It reports no problems at all, which seems far from the case. A quick scan of social media is all it takes to realize this is happening on a massive scale. In fact, my colleague Zach Duffman, who also contributes to Forbes' cybersecurity section, told me the same thing happened.

More from ForbesMicrosoft warns Windows users of ongoing Russian hacking attackby Davy Winder

The issue appears to have started late on Friday, April 26, with reports of users being logged out of their Apple IDs. This is not device specific and appears to affect iPhone, iPad, and MacBooks users.

As someone who cares about security, I immediately thought something might be wrong since there have been some recent attacks that involved password resets. However, as my colleague Kate O'Flaherty reported in March, these rely on a “bombing” two-factor authentication method whereas the current situation is to directly “reset your password” without needing anything else. The two-factor authentication bombing attackers were following up with a call pretending to be from Apple Support, but I never received such a call and haven't read reports of anyone else getting one either.

The issue also means that users will not only need to log in again on all devices, but they will also need to reset all app passwords. Currently, it is unknown whether this is a bug or a security incident. I've asked Apple for a statement and will update this breaking story as soon as I have more information.

More from ForbesSerious email security flaws found in top 4 Apple, Gmail, Outlook, and Yahooby Davy Winder

“When anything comes up out of the blue, such as a password reset or one-time password request, it's important to conduct further investigation and research where possible before following any specific prompts,” said Jake Moore, global cybersecurity advisor at ESET. “This seems to be a real bug that many have been involved in. Although it is painful, it is actually often a good idea to reset all connected devices and change the password every now and then or when a data breach occurs. However, care is taken Due diligence is vital when dealing with unwanted notifications and MFA should be turned on by default for all accounts.