Hacked Apple account: recover your Apple ID and iCloud
The short version: if any of your own Apple devices is still signed in, reset the password from it, Settings, your name, Sign-In and Security. Otherwise go to iforgot.apple.com. If the attacker changed your trusted number or devices you will land in Apple's account recovery process, which has a deliberate waiting period, sometimes days. Start it now, keep the request clean, and do not trust anyone who phones you about it, Apple does not call.
Start here: the official recovery path
Apple's recovery is device-centred: the more Apple hardware you still control, the faster this goes. Work from strongest to weakest:
- Reset from your own Apple device if you have one. On an iPhone, iPad or Mac already signed in to your account, go to Settings, your name, then Sign-In and Security. A trusted device is the fastest, strongest reset path Apple offers.
- Otherwise start at Apple's recovery site. Go to iforgot.apple.com and follow the steps for a forgotten password. With a trusted phone number still under your control, this can be quick.
- If the attacker changed your trusted details, request account recovery. When you cannot pass the normal checks, iforgot.apple.com moves you into Apple's account recovery process. It deliberately involves a waiting period, sometimes days, while Apple limits the chance it is handing the account to a thief. You can check progress at the same address.
- Keep the recovery request clean. Do not keep retrying other routes while a recovery request is open, and sign in with the account nowhere else. Activity that looks like two people fighting over the account can restart the clock.
- Lock it down once you are in. Change the password, review trusted phone numbers and devices, remove anything that is not yours, and check where your Apple account is signed in.
If the hacker changed your trusted number or devices
Apple responds to fresh security-detail changes by slowing everything down, for both of you. The account recovery process covers this situation; start it immediately at iforgot.apple.com, because the waiting period only begins once the request is lodged. During the wait, resist the urge to hammer other routes: repeated conflicting attempts can look like an account under dispute and extend the delay. One more Apple-specific trap: attackers sometimes enable a recovery key on the account to shut the real owner out of standard recovery, which is why the post-recovery checklist below matters.
Back in? Lock it down before you do anything else
- Review trusted phone numbers and remove any you do not recognise, then add a second number you control.
- Check the device list on your account and remove unknown devices. Check Find My for hardware that is not yours.
- Check whether a recovery key was enabled without your knowledge, and reset it if so.
- Set a unique password and review app-specific passwords.
- Confirm payment methods and shipping details were not changed, an Apple account is also a wallet.
- Reset passwords on accounts that recover through your iCloud email, banking first.
If you cannot get back in
If the official process keeps looping, do not pay anyone who cold-calls or advertises instant recovery, and never pay a ransom for your own account. In Australia, report the takeover through ReportCyber at cyber.gov.au, and if money or identity documents are involved, IDCARE provides free, government-funded support. If the account matters too much to gamble on, our assisted recovery works the provider's process for you: verified identity first, then patient, documented escalations. Start here.
Stop the next one before it starts
Getting the account back is the urgent half. The lasting half is closing the back door that let this happen: account recovery. A strong password and two-step verification guard the login, but a "forgot password" flow aimed at a weak recovery channel walks straight past both. Our guide to the recovery gap explains the mechanics, and the email security guide covers the five moves that actually matter. If you want the back door watched for you, that is exactly what SAFE2RECOVER does: we hold and guard the recovery mail for your important accounts, so a reset you did not ask for gets stopped before it lands. Get protected, there is no card required to start.
Frequently asked questions
Why does Apple account recovery take days?
The waiting period is deliberate. When trusted numbers or devices have just changed, Apple slows everything down so a thief cannot finish the takeover quickly, and so the real owner has time to interrupt it. It is frustrating when you are the real owner, but it is also the mechanism protecting your photos, backups and payment details from being handed to the attacker.
The hacker changed my trusted phone number. Can I still recover my Apple account?
Yes, through account recovery at iforgot.apple.com. You will not be able to use the fast paths that depend on trusted devices or numbers, so the process falls back to a verified, slower review with a waiting period. Start it as soon as possible, the clock only runs once the request is in.
Will Apple ever call me about my hacked account?
No. Apple does not cold-call about account problems, and neither do legitimate recovery processes. Calls claiming to be Apple support about suspicious activity are scams, often aimed at talking you out of a verification code. Hang up, and work only through iforgot.apple.com or Apple support channels you initiated yourself.
What should I check after recovering my Apple ID?
Review trusted phone numbers and remove any you do not recognise, check the device list on your account and remove unknown devices, and change the password to something unique. Check whether a recovery key was enabled without your knowledge, review app-specific passwords, and confirm your payment methods and address details were not changed. Then look at Find My for devices you do not own.