What to do if your iPhone or iCloud gets hacked

Cover image for: What to do if your iPhone or iCloud gets hacked

Data breaches happen almost on a daily basis. Just a few weeks ago, Tesco and Three were victims of security breaches attributed to employee negligence or misconduct.

Criminals don't always target high profile accounts. Phishing, scams, and social engineering can be used for purposes from identity theft to fraud and access to your employer’s database. The type of information a criminal can steal -- as well as the technology through which they can steal -- have radically changed over the past years. Most specifically the threats, information types, and technology currently targeted are cloud-based, and via mobile devices, which can be intercepted, tracked or stolen.

There’s a huge grey area between cyber-criminals and white-hat hackers, who are usually hired by big tech companies to spot and report encryption and security flaws. Hackers aren't always geniuses. It’s a common misconception that prevents both regular users and companies from taking the right measures to prevent cyber attacks or respond appropriately.

Regardless of motivation, anybody can be a target. Just how much do you risk to lose if your account has been hacked?

  • Identity theft can lead to reputational damage and unlawful use of your private information
  • Social engineering & phishing attacks leads to data breaches and access to sensitive information
  • Retail data hacks often associated with data leaks around credit card and customer data
  • Mobile security can lead to many types of damages, some of which are stated above
  • Targeting of children by online predators is a serious criminal offence
  • Attacks on banks are usually masterminded over a long period of time, instead of a hit-and-run
  • Crypto and locker ransomware are most commonly associated with blackmail threats
  • iCloud attacks mostly connected with high profile accounts, which lead to reputation damage and release of sensitive information

Depending on the risk type, the methods of protection are different but almost all of them can be avoided as long as the target knows how to protect themselves.

  1. Identity theft has been on the rise since 2014, with more than 15M US residents affected each year. Identity thieves scoop data from your social media posts, or hack accounts to impersonate you. The same information could be used to open bank accounts on your behalf.

    Usually, you don't know you’ve been a victim, unless a friend who knows you well flags a suspicious event, or unless you have strict notification settings for all of your bank, digital and social media accounts.

  2. Social engineering & phishing attacks are more sophisticated. Pretending to be someone else (a website or a person), attackers can make the target trust them. By using this strategy they will trick the target into entering their credentials on a fake site, controlled by the attacker. The data submitted on the attacker’s site is then used to illegally access the target account. This is how Pippa Middleton's iCloud account was hacked recently.

  3. Retail data hacks. Earlier this year Wendy’s customer databases was infected by a malware that captured credit card data. On the black market, credit card data are available for sale.

    As mobile payment solutions become more popular, malware can be engineered to capture information at point-of-sale or from your device.

    Make sure you have an alert set up for your credit card and that your iCloud account has 2FA enabled.

  4. Mobile security. Smartphone vulnerabilities are easy to exploit by cybercriminals. Data breaches can be app-related or platform related. Sometimes, the phone itself can have a security flaw. Avoid installing any unusual app and check the vendor's credentials to make sure they have security and encryption in place.

  5. Children targeted by online predators. Digital parenting requires a good understanding of how children and teens can be targeted online. We recommend using child monitoring tools to prevent online bullying or other inappropriate interactions with strangers.

  6. Attacks on banks. The most recent attack on banks targeted Tesco Bank. The bank’s employees discovered that 40,000 suspicious transactions were made in a single weekend. They stopped this sophisticated attack without revealing much information, but the lesson is simple: although you take measures to protect yourself, others can expose your data.

  7. Ransomware. This is a term for malicious software which encrypts or "locks" files on your computer by scrambling them with a code known only to the attacker. The attacker will then offer to sell the unlock code to the victim for payment (usually made using Bitcoin or some other untraceable payment method).

  8. iCloud attacks. Last year, an iCloud security breach has allowed hackers to use a brute force tool in order to defeat some of the protections for iCloud accounts; Apple rapidly fixed the issue.

Can it happen to you?

As much as we love making iPhone Backup Extractor the best tool for data recovery out there, we’d rather help you not get into a data breach situation in the first place.

Cyber attacks are so prevalent that it takes a lot of resources and energy to cover and understand all possible types of attacks. To make this easier for you, we also publish a guide to help prevent your iCloud account from being hacked.

What to do if you’ve been hacked

If you’ve been hacked you need. Your options are sometimes limited, but you still can do a lot of things to prevent additional damage.

  1. Contact the police. If someone claims they've stolen your data, or tries to blackmail you, it's likely a criminal offence. If someone is bullying your child online or tried to get in touch with him in any way, contact the police and offer them all the data required. Ask your children whether they gave away personal data (address, family members’ name, school) to prevent any dangerous incident.

  2. Take back your hacked account. The main online services usually have various protection methods to prevent losing users accounts. Using these methods, you can recover a hacked account. To make this task easier, use these direct links to recover your online accounts: Apple, Google, Yahoo, Facebook, Twitter and Microsoft.

  3. Check if the account recovery options have been modified. Hacker may use various recovery options to make sure they can get back in your account. Remove any suspicious recovery method and update the recovery options.

  4. Update your security questions associated with the hacked accounts.

  5. Activate two-factor authentication (2FA) on your devices or on your credit card. Any hacking attempt will be blocked before the start if you have this security feature active.

  6. Check all associated accounts. If you discover a hacked account and you change the password, this doesn’t mean your data is safe. You need to check all accounts associated with the hacked email because someone could access other data using credentials stolen from the first account hacked. For example, someone could access your cloud account if is associated with the hacked email. Make sure you also update these credentials.

  7. De-authorize apps able to access these accounts. Sometimes an infected app is responsible for the hacking. By removing them or disabling the access to the hacked account you'll avoid any new hack.

  8. Lock your credit card. If your credit card data has been exposed or if your account was used by a hacker, block it as soon as it possible. Based on a filed police report, your credit card can be blocked by your bank.

  9. Install robust security software and scan all your devices. You need to use decent anti-virus software to check whether a keylogger, virus or malware is present on your machine.

  10. Update the firmware or operating system of your affected device. The old versions of firmware or outdated operating systems usually have security issues. Make sure you update your devices, to prevent any security weakness.

  11. Try to recover your data. If you’re the victim of ransomware you don’t have many options, especially if you don't have a backup of your data.

    Data encrypted with some older ransomware software can be unlocked for free thanks to the efforts of law enforcement and the anti-virus industry. There is a list of tools at noransom.kaspersky.com. Be warned that some criminals sell supposed "unlocking" tools for a fee, or will offer a free tool that will just re-infect your computer, so only download software from a reputable source.

    If the ransomware is not one for which there is an unlocking tool then you don't really have many options. If you have a backup of your data then the best option is usually to wipe your computer and restore from the backup.

    Alternatively, if you have the System Restore (Windows) or Time Machine (macOS) options active, you can try to recover the encrypted data with a restore. On Windows you can also try to retrieve your data using ShadowExplorer which is a tool that searches for shadow copies of your files and allows you to save them. This doesn't always work as newer ransomware will also seek out and delete the shadow copy backups as part of the infection process.

    Whatever you end up doing, always make sure you have removed the malicious software by using an anti-virus program. If you try to remove the crypto-locker ransomware, you may lose all your encrypted data.


Many cybersecurity risks can be avoided with a little forethought. From clicking on an unusual link to offering data by mistake directly to hackers, your reputation, earnings, and safety could be at risk. Make sure you follow these recommendations to better protect yourself and your family.

How can we help?

Our support team are here to help!

Our office hours are Monday to Friday, 9 AM to 5 PM GMT. The time is currently 6:53 PM GMT.

We aim to reply to all messages within one working day.

Go to support section › Contact support ›
Our awesome support team

Can we improve this article?

We love hearing from users: why not drop us an email, leave a comment, or tweet @reincubate?

© 2008 - 2020 Reincubate Ltd. All rights reserved. Registered in England and Wales #5189175, VAT GB151788978. Reincubate® and Camo® are registered trademarks. Privacy policy & terms. We recommend 2FA. Built with in London.