Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

PSA: Avoid thieves seeing your iPhone passcode to avoid this awful scenario

Apple has issued a statement sympathising with iPhone owners who’ve been permanently locked out of their Apple ID account by thieves who’ve leveraged the recovery key security option.

The company was responding to a Wall Street Journal report, which pointed out that if a nefarious thief gains access to the phone through the passcode, they can use the stolen phone or tablet to set or reset the 28-character recovery code that can be used to regain access to a compromised account.

Get an iPhone 13 with unlimited data for £32.99 a month

Get an iPhone 13 with unlimited data for £32.99 a month

Get the iPhone 13 on an iD contract with unlimited texts, minutes, and data for £32.99 a month and £79 up front.

  • Unlimited data
  • £32.99 per month
View Deal

This is a step further from previous reporting that said thieves were doing the same to reset the Apple ID password, while turning off the Find My iPhone to prevent the user from tracking down the device via GPS.

Folks also risk being subject to theft via Apple Pay or the device being completely remotely erased. It’s also possible for the thief to gain access to all manner of sensitive data, once they have access to the phone.

Without the recovery code it’s extremely difficult to regain access to an account. Indeed, on its own website, the company does say “you could be locked out of your account permanently” if you lose access to the device and the recovery key.

The Wall Street Journal quotes one user in particular who has been locked out of his account since October and has attempted to prove his identity to Apple without success. He’s trying to get access to eight years of photos that were only backed up to iCloud.

“We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare,” an Apple spokesperson told The Wall Street Journal (via MacRumors).

“We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this one.”

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.

Trusted Reviews Logo

Sign up to our newsletter

Get the best of Trusted Reviews delivered right to your inbox.

This is a test error message with some extra words