According to The Verge, if you know someone’s email address and date of birth you can reset their password and gain access to their Apple account.

Screenshot from Apple's site

Screenshot of Apple's Apple ID Support Page

It appears that an update released by Apple rolling out their new two-factor authentication included a huge security hole.

It looks like Apple is working on a hotfix; the password reset link now says it is under maintenance.

In the meantime, changing your date of birth to something no one else knows is probably good idea.