How to stop hackers from stealing (and selling) your Apple ID

Hackers want it. You can protect it, but only if you know how.

Rick Broida Senior Editor

Hackers are after your Apple ID, which fetches a high price on the dark web. Here's how to lock them out.

Here's some sobering news: Hackers are reportedly selling Apple IDs on the dark web for about $15 a pop. Yep, someone has literally put a price on your personal information -- and it's the equivalent of one month's worth of HBO Now.

Of course, a compromised Apple ID could cost you a lot more than that, as thieves could potentially use it to access (or even create) other accounts in your name.

Needless to say, it's critical that you take every conceivable measure to protect it. There's nothing difficult here; you just need to devote a little time and diligence. First up: Stop serving up your Apple ID on a silver platter!

Learn to spot phishing attempts

How do hackers manage to steal Apple IDs? Believe it or not, in some cases people unknowingly hand them over. That's because they fall for phishing: email that appears to be from Apple but is really a fake designed to collect personal information.

For example, you receive an email that closely resembles other, legitimate, messages you've received from Apple. It has the same font, the same formatting, the Apple logo and so on. And it says, disturbingly, that your account has been compromised.

But no problem! Just "click here to reset your password and protect your identity." That click takes you to another convincing fake: an Apple lookalike page where you're asked to enter your user ID, password and, if the hackers are feeling especially bold, your Social Security number.

Just being aware that phishing exists is a good first step. Beyond that, remember this simple advice: Never, ever, ever click a link in an email that purports to take you to an account page. Instead, open your browser (or app) and sign into your account directly.

For more on this, learn how to spot a phishing email. And check out Apple's recent post on identifying legitimate emails from the App Store and iTunes Store.

Set up two-step verification

Suppose a hacker buys your stolen Apple ID. They then attempt to take control of your account by changing your associated email address and password. Once that happens, well, you're kinda screwed.

One nearly foolproof way to prevent that from happening: set up two-step verification (aka two-factor authentication, or 2FA). With that in place, it's much harder for someone to make changes to your account. That's because in the aforementioned scenario, the hacker can't do anything without providing a verification code -- which is delivered to a device in your possession, usually your phone.

This added layer of protection does involve an extra layer of hassle, because now you have to jump through the two-step verification hoops when you want to make changes yourself. But that's a small price to pay for this important security measure.

Here's how to set up two-step verification for your Apple ID and what you should know about two-factor authentication in general.

Use a password manager


I can't say this often enough: If you're not using a password manager, you're making it infinitely easier for hackers to ruin your life. Without one, it's a safe bet you're using the same few (probably terrible) passwords for Apple, Amazon, your bank, your credit card and so on -- because it's so challenging to manage them otherwise.

A password manager not only solves the management problem, but also generates longer, tougher-to-crack passwords for you to use. (Some of these utilities can also automatically log into your accounts and replace poor passwords with better ones.)

There are lots of freebie password managers out there, but it's worth paying a little extra for a premium subscription that synchronizes your passwords between devices. (Actually, the free version of LastPass does that already.) Dashlane Premium is among the managers that can identify weak or duplicate passwords and automatically replace them with better ones.

By making just a few changes to your security and learning how to spot phishing emails, you can make it much, much harder for hackers to steal -- and profit from -- your Apple ID.