A bug bounty hunter in India found an Apple security hole. Essentially, anyone could request a token for any email ID. Apple’s servers would then verify that token, so an attacker could gain access to any account you had linked to it.
‘Sign In With Apple’ is supposed to increase your online security and privacy by not revealing personal information when you sign up for accounts on websites or in apps. In fact, Apple requires that developers make it available as an option when they also include social sign-up capability from companies like Facebook or Google. Actually, however, it potentially opened up your online accounts to anyone who had your email address and was technical enough to post a simple request to the Apple ID servers.