If you have an Apple ID, you may have been hacked

November 13, 2018

Apple does a great job of giving you the tools to keep your account and gadgets secure, but just like any other connected service, Apple IDs are constant targets for hackers and scammers lurking out there.

Hackers are exploiting the sheer number of Apple users to their advantage, trying out different email addresses stolen from other data breaches to try and infiltrate accounts.

The annoying part is that by attempting to sign in as you, they can even lock you out of your own account! As evidenced by a growing number of baffled iPhone owners, a wave of locked Apple IDs is quickly spreading. Could it be hackers at work again?

Apple IDs are getting locked for unknown reasons

A growing number of Apple gadget users are reporting that their Apple ID has been locked, and for security purposes, they are being asked to re-verify their identity.

A locked Apple ID is bad news since it prevents you from accessing your Apple and iCloud services, including the App Store, Apple Music, iCloud, iMessage and more.

Several users on Reddit and Twitter are complaining about the unexpected issue, and in some cases, they’re being asked to unlock their accounts by answering their security questions and entering a trusted phone number for two-factor authentication.

The posts suggest that these lockouts are occurring randomly and without prior warning on various Apple devices such as the iPhone, Apple TV, iPad, etc. Several users noted that they do have two-factor authentication enabled and unique passwords set for their Apple IDs.

Locked-out users were able to restore their access to their Apple ID by tapping “Unlock Account” on the iPhone popup box, answering their security questions and validating their identity with their two-factor authentication codes.

This highlights, yet again, the importance of having two-factor authentication enabled on your Apple account.

What’s causing it?

Why do Apple IDs get locked anyway? Here’s what Apple has to say about it:

“If you or someone else enters your password, security questions, or other account information incorrectly too many times, your Apple ID automatically locks to protect your security and you can’t sign in to any Apple services. You can unlock your Apple ID after you verify your identity.”

Although no one knows for sure what’s causing this wave of unlocks, it is very possible that a hacking group is trying to brute-force its way into the affected Apple IDs causing this wave of account lockouts.

Known as a password reuse attack, are the hackers using a database of stolen emails and passwords and they’re trying them out on Apple IDs? That may be the case.

Note: Although unlikely, another possible explanation is that it is simply a new bug on Apple’s account verification system. Apple hasn’t confirmed anything of this sort so but I highly doubt that this is the case.

What should you do if your account is locked?

To unlock your Apple ID, you can go to iforgot.apple.com and enter your existing password. You can also reset your password if you’ve forgotten it.

Keep in mind that after multiple unsuccessful attempts to unlock your account, your Apple ID will remain locked but you can try again the next day. (This is probably the reason why Apple IDs are getting locked anyway – someone is trying to brute-force their way in.)

Additionally, if you use two-factor authentication (you definitely should), you need a trusted device or trusted phone number to unlock your Apple ID with the provided code.

Click here for more tips on how to reset your Apple ID password.

How to protect your Apple ID

• Set up two-factor authentication – Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
• Use unique passwords – Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s simple for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
• Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It could be a phishing attack. It’s always better to type a website’s address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
• Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
• Check your online accounts – The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
• Have strong security software – Having strong protection on your family’s gadgets is very important. The best defense against digital threats is strong security software.

Tags: accounts, addresses, Apple, Apple iCloud, Apple iPad, Apple iPhone, Apple iTunes, apps, breaches, browser, codes, company, Credentials, data, database, device, devices, digital, email, email addresses, emails, family, gadgets, hackers, iMessage, mistake, Music, online, passwords, phishing, phishing scams, phone, Reddit, scammers, scams, security, security software, services, software, threats, tips and tricks, two-factor authentication, users, verification, warning, website, websites, X (Twitter)