If you use Apple services like iCloud, you should be careful now. On May 22, 2025, it was revealed that a massive database containing 184 million login credentials was exposed online. This included credentials for Apple accounts. What initially appeared to be a general security breach directly affects Apple users as well.
You might think your Apple ID is secure because Apple has a high level of security. But the problem isn't with Apple itself. It's the fact that many people reuse their passwords. This means that even an indirect data leak can have consequences for your Apple account. Security researcher Jeremiah Fowler found an unsecured database on an Elasticsearch server containing login credentials from at least 29 countries, including credentials for Apple accounts.
What exactly happened
The discovered database contained 47 gigabytes of information and was accessible online without a password or encryption. It contained usernames and passwords for well-known platforms such as Facebook, Google, Microsoft, and Apple. Fowler's original publication on the Planet website did not directly mention Apple services, but a closer investigation revealed that iCloud logins were also included. An analysis by the tech magazine Wired confirmed this: Apple accounts appeared multiple times in a sample of 10,000 entries. The database was quickly taken offline by the hosting provider World Host Group after Fowler's report. Who created or managed it is still unknown. It is also not clear how long the data was publicly accessible or whether criminals have already accessed it.
Why this is relevant for Apple users
Even if Apple's systems weren't directly affected, you as a user are still at risk. Many people use the same passwords for different services. For example, if your Apple password was also used on another website included in this leak, your Apple account may be compromised. The stolen data likely came from so-called infostealer malware, i.e., malicious software that reads stored login credentials from browsers or apps. Apple accounts are considered particularly valuable. They often contain payment information, access to iCloud backups, and allow remote control of devices. Attackers could attempt to log into your account, commit identity theft, view your photos, read emails, or even lock and wipe your devices.
What is still unclear
To this day, it's unknown who is behind the database. It's also unclear whether the data was merely collected or already shared. The server was publicly accessible, but no one knows exactly how long this was the case. The hosting provider has not disclosed any information about the customer responsible for the database. Apple itself has not yet commented on the incident.
What you should do now
If you use your Apple ID password for other services as well, you should change it immediately. Choose a strong, long password that you use only for Apple. Also, enable two-factor authentication if you haven't already. You can find this feature at account.apple.com or directly in your device's settings. Use a password manager, such as Apple Passwords or another trusted service. This allows you to create a different password for each website without having to remember each one, which reduces the risk of a single data breach affecting multiple accounts.
- If you use iCloud+, you can also activate the "Hide My Email" service. This gives you a unique, anonymous email address for each registration, which is forwarded to your Apple inbox. This provides additional protection against spam and phishing.
- You can also check whether your email address or passwords have already appeared in known leaks. Tools like "Have I Been Pwned" can help you with this. Even if your Apple ID doesn't appear there, other accounts where you used the same password may be affected.
- In your iPhone or Mac's settings, under "Apple ID > Password & Security," you can see which devices have access to your account and whether anyone unknown has logged in. You should also check your recovery methods and backup contacts.
- Be on the lookout for suspicious emails or text messages in the future. If someone claims to be from Apple and asks you to enter your login credentials, it could be a phishing attempt. These messages often look legitimate but aren't from Apple.
How to effectively protect your Apple account now
Even if Apple itself hasn't been hacked, you shouldn't leave your security to chance. Use existing protection mechanisms, change your password, and enable all possible security features. This will ensure that your Apple account remains protected in the future.