Hackers locking users out of iPhones and iPads using stolen Apple IDs

The internet has changed the way most of us live our lives in such a positive way. We can accomplish so many things from the comfort of our own home as opposed to driving several miles and standing in line for who knows how long.

A perfect example of this is the DMV. Most states now allow us to renew our vehicle’s license plates online, instead of dealing with the headache of doing it in person. Since we have such a massive online presence these days, it’s more important than ever to protect your credentials.

You might be surprised to find out that your Apple ID isn’t as secure as you might expect. That’s because of a large underground economy dealing with the manufacturing, theft and sale of Apple IDs. Researcher Claud Xiao brought this to light recently at the BSides SF hacker conference.

Why your Apple ID is at risk

Xiao said, “The problem is, Apple IDs are used with too many services. They include the App Store, Apple Music, iCloud, Find My iPhone, iMessage, the Mac App Store, among others. Every feature can be abused to make a profit.”

He said hackers can exploit Apple IDs to steal money from almost every aspect of the Apple ecosystem. Criminals can use stolen credentials to send users spam Apple Messages and even lock them out of their own gadgets. Once the scammer steals a user’s credentials, they can change the password of the Find My iPhone feature and charge the owner of the gadget a ransom to regain access.

Many times the criminal doesn’t even need to steal an Apple ID directly to gain access to your Apple accounts. That’s because too many people are using the same username and password across multiple websites. If one site has a data breach, the hacker can use the stolen IDs to gain access to all of the accounts that use the same credentials.

Another way criminals steal credentials is through phishing scams. Hackers frequently send emails and text messages claiming to be from a legitimate company, like Apple, asking you to verify your account by clicking a link within the message. The link is most likely fraudulent and typing in your credentials gives them directly to the scammer.

These types of scams are easy to avoid if you know what to watch out for. Follow these safety rules to avoid falling victim.

How to protect your ID

  • Set up two-factor authentication – Two-factor authentication, also known as two-step verification, means that to log in to your account, you need two ways to prove you are who you say you are. It’s like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
  • Use unique passwords – Many people use the same password for multiple websites. This is a terrible mistake. If your credentials are stolen on one site and you use the same username and/or password on others, it’s simple for the cybercriminal to get into each account. Click here to find out how to create hack-proof passwords.
  • Be cautious with links – If you get an email or notification that you find suspicious, don’t click on its links. It could be a phishing attack. It’s always better to type a website’s address directly into a browser than clicking on a link. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn’t what the link claims, do not click on it.
  • Watch for typos – Phishing scams are infamous for having typos. If you receive an email or notification from a reputable company, it should not contain typos. Take our phishing IQ test to see if you can spot a fake email.
  • Check your online accounts – The site Have I Been Pwned allows you to check if your email address has been compromised in a data breach.
  • Have strong security software – Having strong protection on your family’s gadgets is very important. The best defense against digital threats is strong security software.
