How to Recover Your iCloud Mail Account After Being Hacked
If you've been locked out of your iCloud Mail account — or suspect someone else has gained access to your Apple ID — don't panic. Apple has a comprehensive account recovery process, and in most cases you can regain control, especially if you act quickly. This guide walks you through every step.
Time is critical. The sooner you start the recovery process, the better your chances. Apple is more likely to verify your identity if you act before the attacker changes your recovery options. Don't wait — begin now.
Step 1: Go to Apple's Account Recovery Page
Open a browser and navigate to iforgot.apple.com. Enter the email address (or phone number) associated with your Apple ID and click Continue.
Apple will begin the identity verification process. The options available depend on what recovery information you had set up before the account was compromised.
For the best chance of success, use a trusted Apple device that is already signed in to your Apple ID (e.g., your iPhone, iPad, or Mac). Apple uses device trust to verify ownership much faster than other methods.
Step 2: Verify Your Identity
Apple may offer one or more of the following verification methods:
Trusted Device Notification
If you have another Apple device signed in with the same Apple ID (iPhone, iPad, Mac, or Apple Watch), Apple can send a verification code directly to that device. This is the fastest and most reliable recovery method.
Trusted Phone Number
If you had a trusted phone number linked to your Apple ID, Apple can send a verification code via SMS or phone call. Enter the code to prove your identity.
Recovery Key
If you previously set up a Recovery Key (a 28-character code), you can enter it during the recovery process. This is your strongest recovery tool — if you have it stored safely, use it now.
Account Recovery Contact
If you designated a trusted person as your Account Recovery Contact in iOS settings, they can generate a recovery code for you. Contact them and ask them to go to Settings → [Their Name] → Password & Security → Account Recovery to get your code.
If none of these work: If the attacker has changed your trusted phone number and you don't have another trusted device or recovery key, you may need to use Apple's Account Recovery process (see Step 3).
Step 3: Request Account Recovery (If Locked Out)
If you can't verify your identity using the methods above, Apple offers an automated Account Recovery process. This takes time but doesn't require you to call anyone.
- Go to iforgot.apple.com and enter your Apple ID
- When prompted for verification and no options work, select "Can't access any of these options?"
- Apple will begin the Account Recovery process and send you a confirmation email
- A waiting period begins — this can range from a few hours to several days depending on your account security settings
- During this period, do not attempt to sign in or use the Apple ID, as this can restart the timer
- Once the waiting period ends, Apple will send you an SMS or email with instructions to reset your password
Important: The waiting period exists to protect you. It gives Apple time to ensure the recovery request is legitimate and gives you time to cancel it if you didn't initiate it. The more security features you had enabled, the longer the wait may be.