Recently an exploit was detected in Apple’s password recovery process in the iforgot page. Your Apple id could be hacked by knowing only your date of birth and email address. The hacking process involved passing modified URL while answering the date of birth question in the password retrieval page. Hackers could then easily reset the original user’s password.
Apple immediately reacted to this problem by disabling iforgot page and adding a two step verification process for account modification where users could only modify their account by entering a PIN code accessible via Find My iphone or a registered phone number.
However, the iforgot page is back online and Apple has assured that the security issue has been resolved.