How easy is it to crack into an Apple iCloud account? We tried to find out

“Accessing someone’s Apple account requires only three things: their email address, their date of birth, and the answers to two out of three security questions,” Nick Evershed and Paul Farrell report for The Guardian. “This is assuming they don’t have two-step verification enabled.”

“If you have all these, you’re able to reset their Apple ID password to one that only you know and then access their iTunes and iCloud accounts,” Evershed and Farrell report. “You don’t require access to their email. Once you have access to their Apple ID, you can access recent photos and back-ups if they have these features enabled.”

“While we don’t know the exact method people used to access celebrities’ accounts, Apple did release a statement which appears to confirm that a method similar to that described above was used,” Evershed and Farrell report. “To see how difficult it is to crack someone’s account, we’re going to try and access each other’s accounts and see how far we get.”

See how far they got in the full article here.

MacDailyNews Note: Use two-step verification for Apple ID to keep your personal information as secure as possible. More info here.

Always use unique passwords, do not reuse passwords for different services, and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, this system works like a dream.

16 Comments

  1. if a site doesn’t allow me to make up my own security questions and asks simple standard ones like Name of High School:

    I either make a fake name or put an attachment like 242424 or AXAXAX to the name. Like Glendale High becomes Glendale HighAXAXAX.

    I use the same attachment for various things so I remember it but don’t tell anyone about it.
    (in similar vein you can add your dog’s etc name to every question. Glendale High becomes GlendaleSnoopy High.)

    Not perfect but it makes it way harder to break before too many tries creates a lock out.

    1. to clarify:

      I use this method because security questions are normally activated when you FORGET your password. So having a weird name like 73856bxwto as a security question answer defeats the purpose as I’ll probably forget that too.

    2. The security questions may be somewhat simple, like ‘what high school..’ and the first thing you think is what high school did I. But the answer you give doesn’t have to be about a high school. Come on people, think ‘outside the box’. Using the above question, give an answer like the second car you ever owned, or where you had your first accident. You don’t need a question to tell you what answers to give, you need the answers that you think will protect yourselves.

    1. Right. I never use real information for those questions, and I’m not even a celebrity! Well, other than in my own mind, of course. Anyway, I just put the nonsense answers in the notes section of my password manager.

  2. @Michael…

    But these are CELEBRITIES…the most important people in the world ever. Haven’t you seen all the television shows and magazines devoted to tracking their every move?

  3. Just as easy to break in to any other service on the internet. At least when you do log in and change a password, an email is sent to all devices and a notification to your iPhone saying that it was done. If you get one of those messages, check your account and change the password.

  4. Let’s see: no numbers for you, you’re a word’s man. What man are you? You’re weak, a man of temptations… Opulent fellow, so what’s your pleasure? Salty snack? No, yours is a sweetie. Always return to your dark master: the cocoa bean. Ovomaltine? Hershey? BOSCO !!!
