Why did I unexpectedly get a notification on my iPhone that says "Use this iPhone to reset your Apple ID password."?
A notification about resetting my Apple ID password appeared randomly on my iPhone:
I'm alarmed that this means somebody is attempting to break into my Apple account.
If I follow the notification, it just gives me an option to "Don't Allow" or "Allow":
I didn't select either option, and instead reset my phone - which made the notification go away.
To be safe, I updated my Apple ID password (on appleid.apple.com).
What prompted this notification, and do I need to be concerned about the security of my Apple ID?
What happened?
This is actually a widespread issue that was reported by others on MacRumors' forums yesterday. Likely we'll see this happen to more and more iPhone users.
This Twitter thread explains that there is a security flaw in Apple's password reset process which gives explicit confirmation once a correct phone number is inputted for a given Apple ID.
It shows a failure for an incorrect number:
And triggers a notification to your devices for a correct number:
This notification is what caused your iPhone to prompt you to reset your Apple ID password.
What does this mean?
- Your Apple ID was not broken into.
- It's good practice to update your passwords periodically anyway.
- An attacker now knows your Apple ID and corresponding phone number.
- I'm not certain what they'll do with this information, but it's valuable.
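The answer above describes a reset form whose reply differs for a correct and an incorrect phone number. As an added illustration (not part of the original answer and not Apple's code), the sketch below puts that leaky reply beside a hardened handler that returns one message for every request and throttles device prompts per account. The account data, function names, limits and messages are all hypothetical.

```python
import hmac
import time

# Constructed sample data: account ID -> trusted phone number (not real values).
ACCOUNTS = {"alice@example.com": "+15550100"}
UNIFORM = "If these details match an account, a notification has been sent."


def reset_leaky(account_id, phone):
    """The behaviour the answer describes: the reply confirms a correct pair."""
    if ACCOUNTS.get(account_id) == phone:
        return "A notification was sent to your devices."
    return "The phone number you entered is incorrect."


class ResetService:
    """Hypothetical hardened flow: one reply for every request, throttled prompts."""

    def __init__(self, max_attempts=3, window=3600, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.window = window
        self.clock = clock
        self.attempts = {}  # account_id -> timestamps of recent requests
        self.prompts = []   # account IDs whose devices were actually prompted

    def request_reset(self, account_id, phone):
        now = self.clock()
        recent = [t for t in self.attempts.get(account_id, []) if now - t < self.window]
        recent.append(now)
        self.attempts[account_id] = recent
        stored = ACCOUNTS.get(account_id, "")
        # Constant-time comparison; an unknown account never matches.
        match = bool(stored) and hmac.compare_digest(stored.encode(), phone.encode())
        # Wrong guesses use up the budget, so guessing numbers cannot keep
        # producing device prompts once the limit is reached.
        if match and len(recent) <= self.max_attempts:
            self.prompts.append(account_id)
        return UNIFORM
```

Because the budget is counted per account, repeated wrong guesses can also suppress the owner's own prompt for the rest of the window, so a service built this way needs a separate recovery path.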