PSA: Avoid thieves seeing your iPhone passcode to avoid this awful scenario

Apple has issued a statement sympathising with iPhone owners who’ve been permanently locked out of their Apple ID account by thieves who’ve leveraged the recovery key security option.

The company was responding to a Wall Street Journal report, which pointed out that if a nefarious thief gains access to the phone through the passcode, they can use the stolen phone or tablet to set or reset the 28-character recovery code that can be used to regain access to a compromised account.

This is a step further from previous reporting that said thieves were doing the same to reset the Apple ID password, while turning off the Find My iPhone to prevent the user from tracking down the device via GPS.

Folks also risk being subject to theft via Apple Pay or the device being completely remotely erased. It’s also possible for the thief to gain access to all manner of sensitive data, once they have access to the phone.

Without the recovery code it’s extremely difficult to regain access to an account. Indeed, on its own website, the company does say “you could be locked out of your account permanently” if you lose access to the device and the recovery key.

The Wall Street Journal quotes one user in particular who has been locked out of his account since October and has attempted to prove his identity to Apple without success. He’s trying to get access to eight years of photos that were only backed up to iCloud.

“We sympathize with people who have had this experience and we take all attacks on our users very seriously, no matter how rare,” an Apple spokesperson told The Wall Street Journal (via MacRumors).

“We work tirelessly every day to protect our users’ accounts and data, and are always investigating additional protections against emerging threats like this one.”