Apple apparently had a bug in their AppleID (used for common log in to Apple's services, including the new Apple Music Store). The bug enabled a crafty web surfer to change the password on any user's account with merely their email address as the key.

The folks at Wired report that they received the claims from a known hacker (who found a similar bug in EBay's systems last year) early last week and, after confirming it, reported it to Apple, who claims to have fixed it as of Friday.

The bug could not disclose credit card numbers, but could have resulted in charges being made on behalf of the users account.