My Apple ID was involved in a data leak
I keep being asked to change my password as people keep trying to steal my data through data recovery. What should I do about this?
iPhone 14 Pro, iOS 17
If you’re getting messages from Apple and from Settings > Passwords > Security Recommendations, you’ll want to address those, and to change the passwords at risk.
If your Apple ID password was involved in a breach, that can mean your password has been re-used, and that password is now known to anybody that cares, which means they’re going to try to use that same password everywhere, which means they’ll be trying or gaining access to your Apple ID, which can end badly.
Change the password to a new and unique value, don’t re-use any passwords, and enable two-factor authentication on your Apple ID if that’s not already been enabled.
If you’re able to acquire and keep track of hardware keys, you can enable Security Keys on your Apple ID as your second factor, which basically blocks all the shenanigans, until and unless somebody steals both one of your hardware keys and has your password.
Password re-use works great, right up until one copy of the password leaks somewhere, and things then tend to get messy and complicated.
If you’d like to see where your email address has been leaked, visit the haveibeenpwned.com website.