Was Your Apple ID Hacked? Here's How To Secure Your Account

Share this:

Ryan Toohil

CTO at Aura

In this article:

    Identity theft and fraud protection for your finances, personal info, and devices.

    See pricing
    Share this:

    What Can Happen If Your Apple ID Gets Hacked?

    When Domenic Iacovone got the phone call, he thought he was protecting his Apple ID. But it wasn’t a call from Apple support — it was a scammer on the other end of the line [*]. 

    Within minutes, the hacker had taken over Iacovone’s Apple ID and made off with $650,000 in cryptocurrency assets by using recovery keys stored in Iacovone’s iCloud backups.

    Apple ID attacks are more common than you may think. Account takeover fraud increased by 131% [*] in the first half of 2022; and for years, Apple has ranked among the top 10 brands that hackers impersonate [*].

    Some of the worst celebrity hacks of all time have targeted Apple IDs because they provide access to so much of our digital lives.

    If you think your Apple ID might have been hacked, you need to act quickly. In this guide, we’ll explain how your Apple ID gets hacked, the warning signs to look out for, and how to secure your account from scammers. 

    How Can Your Apple ID Get Hacked? What Do Hackers Do With It?

    Your Apple ID is the username and password associated with your Apple account. It’s used to verify your identity across Apple devices — like your iPhone, iPad, or Mac.

    With control of your Apple ID, hackers can see your personal information and track your location — as well as the locations of your connected friends — along with the locations of your devices (including AirPods and AirTags). 

    They can see iCloud content, including photos and crypto wallet backups. They can scam your friends by posing as you. And they can access your saved payment methods, including credit cards and Apple Pay.

    Technically, no Apple ID has ever been “hacked” (as Apple’s servers themselves haven’t been compromised at the time of this writing).

    But there are several ways for scammers to take over your account, including:

    • If your device was stolen or lost.
    • Someone who knows your password used it without your permission.
    • You use your Apple ID password on another account that was hacked. (To find out if this is the case, run a Dark Web scan to view breached passwords associated with your email.)
    Check if your accounts have been compromised by using Aura’s free Dark Web scanner. 
    Check if your accounts have been compromised by using Aura’s free Dark Web scanner. 
    • You clink on a link or visit a fake website in a fake Apple phishing email.
    • Scammers trick you into giving them your password or one-time security code.
    • Hackers infiltrated your email account and used it to initiate a password reset.
    • You entered your login information on a fraudulent website or fake “Sign in with Apple” prompt.
    • Cybercriminals have switched your phone number to a device that they own via SIM swapping.
    Take action: Your bank accounts, email, and identity could all be at risk if scammers have access to your Apple ID. Try Aura’s top-rated identity theft protection free for 14 days to protect your accounts and sensitive information from fraudsters.

    How To Tell If Your Apple ID was Hacked: 8 Warning Signs 

    Once hackers log in to your Apple account, they work quickly to take control. Here are some common warning signs that your account may be compromised.

    1. Your Apple ID password stops working.
    2. Your device is locked or was put into “Lost Mode.”
    3. You see files, apps, photos, or messages that you don’t recognize stored in iCloud or anywhere on your device.
    4. You get an email from Apple saying that someone logged in to your account on a new device.
    Example of a warning email from Apple that your Apple ID was used to log in to another device
    Here’s what an email from Apple could look like. Source: Aura Team
    1. You’re notified that the email or phone number associated with your account was changed.
    2. You’re notified that your password was changed.
    3. You see receipts or confirmations of unfamiliar charges from the App Store or iTunes store.
    4. Your account details are different or altered — such as an unfamiliar name or billing address.

    💡 Related: Was Your Gmail Account Hacked? Here’s What To Do

    What To Do If Your Apple ID Is Hacked

    1. Try signing in to your Apple ID
    2. Regain control of your account
    3. Change your Apple ID password
    4. Set up two-factor authentication (2FA) on your Apple ID
    5. Check your Apple ID device list and remove unrecognized devices
    6. Review and update your account’s personal information
    7. Make sure your Apple ID is secure
    8. Look for signs of identity theft
    9. Consider signing up for a digital security solution

    If you suspect your Apple ID has been hacked, act quickly. Here are the steps to take as soon as you believe your account has been compromised.

    1. Try signing in to your Apple ID

    One of the first things hackers do when they gain access to an account is change the password to lock out the original owner. At the first sign of hacking, try to log in to your account to see if you still have access.

    If you can’t log in, it could mean someone else has changed the login information to claim control of your account, and you should move to step two.

    Here’s what to do:

    • On a device you own with a secure internet connection, go to appleid.apple.com or icloud.com. Click “Sign In” and enter your email address and password.
    • If you can log in successfully to your Apple ID account page, move to step three to set a new password and protect your account.
    • If you can’t log in or get a notification that the account is locked, follow the instructions in step two to reset your password and regain control of your account.

    💡 Related: Can iPhones Get Hacked? How To Tell & What To Do

    2. Regain control of your account

    If you can’t log in to your Apple ID using your current password and don’t have access to a signed-in device, you’ll need to initiate a password reset. You can do this on a borrowed device or on the web.

    Here’s what to do:

    • On a borrowed iOS device: Download and open the Apple Support app. Tap “Reset Password,” then select “A different Apple ID” and “Continue.” Follow the instructions to reset the account.

    How to reset your Apple ID using the Apple Support app
    Reset your Apple ID using the Apple Support app. Source: Aura Team
    • Online: Visit iforgot.apple.com and follow the instructions to reset your account. This option takes the longest — so only use it if you don’t have a trusted device nearby.
    • Apple Support: If you still cannot regain control of your account, contact Apple.
    • Get a new Apple ID: If you’re unable to regain control of your account, the only remaining solution may be to get a new Apple ID.

    3. Change your Apple ID password

    Once you log in to your Apple ID account, you should change the password immediately. This will lock out any hackers who also have access to your account.

    Choose a strong, unique new password that you aren’t using anywhere else. It should be at least 12 characters long and include uppercase and lowercase letters, numbers, and symbols.

    Here’s what to do:

    • On an Apple device you own: Open the Settings app and click or tap on your name, then “Password & Security,” then “Change Password.” Enter your Mac account password (passcode for iOS devices), and then create a new password for your Apple ID.
    How to change your Apple ID password on your devices
    • On the web: Go to appleid.apple.com and sign in. Go to Sign-In and Security > Password and enter a new password. Check the box to sign out current devices.

    4. Set up two-factor authentication (2FA) on your Apple ID

    By default, your Apple ID is protected with security questions. You can improve the security of your account by setting up two-factor authentication, which requires a one-time passcode from a separate device in addition to your username and password.

    How to set up 2FA on your Apple ID
    Set up 2FA on your Apple ID for added security. Source: Apple

    Here’s what to do:

    • On a Mac: Open System Settings (or System Preferences), click on your name > Password & Security > Two-Factor Authentication to set it up.
    • On an iOS device: Open the Settings app, tap your name > Password & Security > Two-Factor Authentication and follow the steps.
    • On the web: Go to appleid.apple.com and sign in to your account. When you’re prompted to upgrade account security, click on “continue” and follow the instructions.
    • If you don’t have a trusted device with you: You can tap “Didn’t Get a Code” to receive a text message sent to one of your saved phone numbers.

    💡 Related: The Best LastPass Alternatives in 2023 (Free & Paid)

    5. Check your Apple ID device list and remove unrecognized devices

    If you believe someone else has logged in to your Apple account, you should look at all devices that are signed in. If someone has used your Apple ID on another device, remove it from your account.

    Here’s what to do:

    • On an Apple device: Open the “Settings” app, click or tap on your name, and scroll to the bottom to see a list of devices on which you’re signed in.
    • On a Windows PC: Open iCloud for Windows > Manage Apple ID to see registered devices.
    • On the web: Sign in to appleid.apple.com and select “Devices.”
    • Click or tap on any devices that you don’t recognize. For any devices that aren’t yours, click “Remove from Account.” You may need to answer security questions to access some device information.
    How to remove unrecognized devices from your Apple ID
    Remove unrecognized devices from your Apple ID

    6. Review and update your account’s personal information

    One of the first steps that hackers take upon infiltrating your account is to change your account information. By adding alternate emails or phone numbers, they can access iMessage and other areas of your account — even once you retake control.

    Here’s what to do:

    • Go to the Settings app > Your Name > Name, Phone, Email.
    • Verify that all information is correct, and update as necessary. This includes your name, birthdate, phone numbers, and email addresses.

    7. Make sure your Apple ID is secure

    Only you should have access to your Apple ID. Anyone who has it can take over your Apple devices, view all content in iCloud, make purchases in the App Store or iTunes Store, and even use the “Find My” app to locate you and your devices.

    Here’s what to do:

    • Make sure every device you use is associated with your Apple ID — and only your Apple ID. You can see this information in the “Settings” app.
    • If you’ve ever shared your login information with someone else, change your password.
    • Make sure you can still access all associated email addresses and phone numbers. If you don’t have access, remove them from your account.
    • See if your password has been leaked to the Dark Web using Aura’s free Dark Web scanner.
    Aura's free Dark Web scanner

    8. Look for signs of identity theft

    If your Apple ID has been compromised, this could be a warning sign of other kinds of identity theft. Look out for common signs of identity theft and stay vigilant to protect yourself.

    Here’s what to do:

    • Run a Dark Web scan to see if your personally identifiable information (PII) has been leaked online.
    • Review your email for notifications of login attempts on other accounts, like Facebook or Gmail.
    • Review your financial accounts, including bank and credit card statements, for activities that you don’t recognize.
    • Request a copy of your credit report at AnnualCreditReport.com and look for credit inquiries you don’t recognize.

    9. Consider signing up for a digital security solution

    Your Apple ID is more than just the password to your iCloud account – it’s a key to your digital life. 

    Your Apple ID gives hackers access to your devices, personal data, geographic location, payment methods, and more. But protecting your Apple ID — and the rest of your online identity — can be a full-time job. 

    Here’s how Aura keeps you safe online:

    • Secure password manager with leaked password alerts. Aura stores all of your account passwords in a secure place and warns you if they’ve been compromised in a data breach.
    • Powerful antivirus software and a military-grade virtual private network (VPN). Aura’s digital security tools protect your devices and networks from hackers. You’ll even get warned if you’re entering a phishing site. 
    • Top-rated identity theft protection. Aura constantly monitors your most sensitive information — including your Social Security number (SSN), name, address, and more — and alerts you in near real-time if your data is being used by criminals. 
    • Credit, bank, and investment account monitoring and 4x faster fraud alerts. Aura keeps your finances safe by monitoring your credit across all three bureaus (Experian, Equifax, and TransUnion), and warns you of suspicious transactions and activity. 
    • $1,000,000 insurance for eligible losses due to identity theft. If the worst should happen, you get 24/7 access to U.S.-based Fraud Remediation Specialists as well as $1 million in insurance coverage for stolen funds and other eligible losses. 
    Start your free trial of Aura. Get access to all of Aura’s features free for 14 days

    How To Secure Your Apple ID and Your Entire Digital Life

    The biggest vulnerability of your Apple ID — and your entire life online — is your day-to-day cyber hygiene. Nearly all Apple ID hacks happen because people either haven’t secured their login information or unwittingly share it with scammers.

    How you protect your accounts, safeguard your information, and monitor threats and potential phishing attacks are the most important factors in maintaining your digital security.

    To protect your Apple ID and other accounts, take these important steps:

    • Use unique, strong passwords. Passwords are your first and sometimes only defense. Create passwords that are 12 to 15 characters long and include numbers, symbols, and upper- and lower-case letters. Never use the same password for more than one account.
    • Set up two-factor authentication. Set up 2FA on every account that offers it. Research from Microsoft shows that 2FA can block over 99.9% of account compromise attacks [*].
    • Use antivirus software. This will scan your device for programs that could harm your computer.
    • Keep software up to date. Outdated operating systems and apps can be vulnerable to hacking, so keep them updated and enable automatic updates whenever possible.
    • Don’t respond to messages from unknown senders. Ignore text messages, emails, phone calls, and voicemails from numbers or email  addresses that you don’t recognize or that use fear tactics. Forward suspicious messages to reportphishing@apple.com.
    Example of a phishing email targeting an Apple user.
    Example of a phishing email targeting an Apple user. Source: Reddit

    The Bottom Line: Keep Your Apple ID Away From Scammers

    Your Apple ID is an integral key to your digital life. Keeping your identity safe can be challenging, but it doesn’t have to be. Aura helps protect you and your family online and has your back 24/7 if the worst should happen.

    Protect your Apple ID from scammers. Try Aura free for 14 days

    Related Articles

    Illustration showing a warning symbol on top of a phone
    Internet Security

    How To Know if Your Phone Is Hacked (and What To Do)

    Scammers know your phone is a goldmine of sensitive accounts and personal information. Here’s how to know if your phone is hacked and what to do about it.

    Read More
    October 7, 2022
    what is digital security
    Internet Security

    Digital Security: Your Online Privacy Guide for 2023

    Learn how to strengthen your personal digital security and online protection. Cybercriminals are smart. But you have to be smarter.

    Read More
    December 29, 2022

    Try Aura—14 Days Free

    Start your free trial today**

    This is some text inside of a div block.

    Lorem ipsum dolor sit amet, consectetur adipiscing elit. Suspendisse varius enim in eros elementum tristique. Duis cursus, mi quis viverra ornare, eros dolor interdum nulla, ut commodo diam libero vitae erat. Aenean faucibus nibh et justo cursus id rutrum lorem imperdiet. Nunc ut sem vitae risus tristique posuere.

    1. Financial identity theft and fraud
    2. Medical identity theft
    3. Child identity theft
    4. Elder fraud and estate identity theft
    5. “Friendly” or familial identity theft
    6. Employment identity theft
    7. Criminal identity theft
    8. Tax identity theft
    9. Unemployment and government benefits identity theft
    10. Synthetic identity theft
    11. Identity cloning
    12. Account takeovers (social media, email, etc.)
    13. Social Security number identity theft
    14. Biometric ID theft
    15. Crypto account takeovers