Your Apple ID is the account you use to access Apple services like the App Store, Apple Music, iCloud, iMessage, FaceTime, etc. Here are the steps you can take to protect yourself in the event of a hack.
First, ask yourself these three questions:
1) Am I 100% sure I have not forgotten my password?
2) Do any of my friends or family have access to this Apple ID account (i.e. for sharing iTunes/App Store purchases)?
3) What makes me think I have been hacked?
Some typical signs include:
Blocked access— You can no longer access your Apple account as your password is different, your recovery methods changed, or you do not receive any verification codes.
This can also include your device being locked or placed in Lost Mode by someone other than you.
Confirmation email from Apple— You have received a confirmation email from [email protected] that your Apple ID password was changed or your account information was updated, but you didn't request these changes.
You may also see charges or notices for purchases that you didn't make. The email subject would show as "Your receipt from Apple."
Unusual login activity— You have received an email from [email protected] or a push notification to one of your Apple devices that your Apple ID was used to sign in to a device you don't recognize or did not sign in to recently. You can view and remove any logged in devices using iOS, macOS, or through your Apple ID account.
On iOS: Settings>[your name]>Select a device from the list>Remove from account>Confirm.
On macOS: Apple menu ⚙️ >System Preferences>iCloud>Account Details>Devices>Select a device from the list>Remove from account>Confirm.
On the web: Go to the Apple ID account page>Sign in>Devices>Remove from account>Confirm.
Suspicious behavior— Any odd messages that you do not recognize sending, reading, or deleting can indicate compromise. Your friends and family may also claim to receive a lot of spam from you. Additionally, some of your account details or settings may look a little different.
If you have been hacked but can still access your Apple ID, immediately:
Change your account password. Make it strong and unique, and do not share it with anyone. It should be changed every 6 months, and can be stored in a password manager.
From your iPhone, iPad, iPod touch, or Apple Watch: Settings>[your name]>Password & Security>Change Password. You may then enter your new password and select Change or Change Password.
From your Mac: Apple menu ⚙️ >System Preferences>Apple ID>Password & Security>Change Password. You'll need to enter your Mac password before you can change your Apple ID password.
From the web: Sign in to appleid.apple.com>Sign-In and Security>Password. You will need to enter your current password, then enter your new password and select Change Password.
Enable two-factor authentication (2FA). When you enable 2FA, signing into your Apple account will require both your password and access to your trusted devices or trusted phone number.
From your iPhone, iPad, iPod touch, or Apple Watch: Settings>[your name]>Password & Security>Turn On Two-Factor Authentication>Continue. You'll need to enter the phone number you want to use for 2FA then choose between verification codes via text message or an automated phone call. Tap Next, then verify your phone number to turn on 2FA.
From your Mac: Apple menu ⚙️ >System Preferences>Apple ID>Password & Security>Turn On Two-Factor Authentication.
From the web: Sign in to appleid.apple.com>Upgrade Account Security>Continue. Enter the phone number you want to use for 2FA then choose between verification codes via text message or an automated phone call. Tap Continue, then verify your phone number to turn on 2FA.
💡 Tip: When you enable 2FA for your Apple ID, always use a device passcode on all your devices and keep your trusted phone number(s) up to date. This will ensure that you never lose access to your Apple ID account, even if you happen to lose access to your device.
Review all the personal and security information in your account. Be sure to update any information that was changed or is no longer up to date. This includes the following:
Your full name
The primary email address associated with your Apple ID
Alternate email addresses, rescue email addresses, and phone numbers
Devices associated with your Apple ID
Security questions and answers.
If you have been hacked and can no longer access your Apple ID:
Make sure your account isn't just locked. If you receive a message that your Apple account is locked when you try to log in, you can first try to reset or unlock your account. To do so, Go to iforgot.apple.com>enter your Apple ID>Reset your password>Continue. You'll then be able to either answer your security questions, get an email, or enter your Recovery Key.
In some cases you may be able to use someone else's device to reset your account. See here for more details.
Start the Apple Account Recovery process. You should only use account recovery as a last resort when you can’t sign in or reset your Apple ID password. You can submit Account Recovery requests through iforgot.apple.com. You'll get an email with a confirmation of your request and when you can expect to regain access (about 5-10 business days on average).
Try to avoid using the device you submitted your request through, as this may delay the recovery process.
If you can, turn off other devices that are signed in to your Apple ID until account recovery is complete.
You can always go to iforgot.apple.com for status updates. You may be asked to share extra information to speed up the recovery process. Always ensure you are only giving personal information to a legitimate Apple contact.
You can cancel an Apple account recovery request by following the instructions in your original email confirmation.
Things to keep in mind with Apple:
You need to add as many recovery methods as possible, since this will give you the best chance at regaining access to your account in the event of a hack.
If you are having difficulties specific to Apple ID, you can Contact Apple Support for assistance with account reset and recovery.
If you want to share purchases with someone, use Family Sharing instead of giving them access to your Apple ID. This allows you to share music, subscriptions, calendars, photos, and much more.