Data breach

[rainbowcat]

With the data breach on 6-20-25 do we need to change Apple IDs? Have changed everything else, but it doesn't seem necessary to change the ID?

 

[Rod]

Well, in answer to your direct question no, you can't actually change your ID. **You can change your password but not your ID, not without creating a new Apple ID which would mean losing all your iCloud data, purchased apps, music, ect ect.

This is what I have found on the topic;

Data Breach on 6-20-25​

"As of June 20, 2025, a massive data breach was reported, exposing over 184 million unique account credentials across major platforms such as Google, Microsoft, Apple, Facebook, Instagram, and Snapchat, among others. This breach involved a database containing usernames, passwords, emails, and URLs for a wide range of applications and websites, including financial accounts, health platforms, and government portals.9

Details of the Breach​

• Scope: The breach includes over 184 million unique usernames and passwords, with the data reportedly sourced from infostealer malware that harvested sensitive information from infected devices.9
• Exposed Data: Credentials for Google, Microsoft, Apple, Facebook, Instagram, Snapchat, and other platforms were exposed, including emails, usernames, passwords, and URLs. Additionally, financial and health-related data were also compromised.9
• Discovery: Cybersecurity researcher Jeremiah Fowler discovered the database, which was found online without encryption or password protection. Fowler verified the accuracy of the data by contacting individuals listed in the dump, many of whom confirmed the credentials were correct.9
• Response: After Fowler reported the issue, the hosting provider took the database offline. However, the source of the breach and the owner of the data remain unknown.9
• Platform Responses: Snapchat stated that it found no signs of a breach on its own systems. However, the potential exposure of credentials raises concerns about downstream impacts on user accounts.9

Recommendations​

• Password Changes: Users are advised to change their passwords regularly, especially for critical accounts such as email, banking, and social media.9
• Multi-Factor Authentication (MFA): Enabling MFA, particularly using more secure methods like authenticator apps or hardware keys, is strongly recommended, as SMS-based MFA is increasingly seen as insecure.9
• Data Hygiene: Experts emphasize the importance of practicing good internet hygiene, including avoiding the storage of sensitive information in unencrypted formats and using secure password managers.9

This breach comes shortly after another massive data leak involving 16 billion records, though this latest incident focuses on previously unreported credentials.3"
AI-generated answer. Please verify critical facts.

Personally I use MFA for all my critical accounts and Passkeys for Google, Microsoft, Apple, Facebook ect, in fact any site that will accept Passkeys currently.
However as the above search result suggests, "Users are advised to change their passwords regularly, especially for critical accounts such as email, banking, and social media."

So, for peace of mind it's easy enough these days to use Apple Passwords (if you use that) or other Password Managers to change your passwords for those critical accounts. **I wouldn't rush into it though if you have 2FA enabled for eg. your Apple account because every login must be verified by a "trusted" device and you would be notified if there were any other attempts. The same applies to Google Microsoft and Facebook. You will get a "Was this you?" notification by email and a suggestion to change your password if it wasn't. DO NOT follow links from these emails but go to the sites themselves and change your password.

 

[Jimmysb]

Well, in answer to your direct question no, you can't actually change your ID. **You can change your password but not your ID, not without creating a new Apple ID which would mean losing all your iCloud data, purchased apps, music, ect ect.

Not sure that is entirely correct, if your ID is the email you log on with, then yes you can change it, I use to have a personal email from my own domain, that I logged on with. I now have an Apple email, and that is my primary logon. And this is the same account, different ID

 

[ferrarr]

I now have an Apple email, and that is my primary logon

How did you create this Apple email?

 

[Jimmysb]

How did you create this Apple email?

Go to you Apple account (on the web) via iCloud, and create it..

 

[ferrarr]

Go to you Apple account (on the web) via iCloud, and create it..

I don't get the option to create a new Apple ID, while Im logged in to my Apple Account. Let me try with my other Apple Account.

 

[ferrarr]

I was trying to make the change at Account.apple.com. I was able to make the change at iCloud.com, thank you.

 

[Rod]

Not sure that is entirely correct, if your ID is the email you log on with, then yes you can change it, I use to have a personal email from my own domain, that I logged on with. I now have an Apple email, and that is my primary logon. And this is the same account, different ID

Wow, I didnt know you could do that Jimmysb, although it makes sense if you're using your Apple email address I suppose. After all that's already linked to your account in a way.

I have had the same old @gmail.com account since my first Mac, maybe it's about time I changed it?

Can you or ferrarr describe the process and what implications it has.

 

[Rod]

For example, can you only change it to your Apple email address or can you use others?

Do you have to log out of everything Apple and log back in again on all devices?

Not that I'm unwilling to do that, I'd just need to set aside some time.

 

[ferrarr]

@Rod, If you are using a non Apple email address, you can change it to a different non Apple email address, or to an Apple (iCloud) email address. if you change it to an Apple email address, you will not be able to change it to a non Apple email again.

I just created a new Apple (iCloud [alias]) email address to replace my hotmail login. But, it takes a month (30 days) for the iCloud account to be a full iCloud account instead of just an alias.

Do you have to log out of everything Apple and log back in again on all devices?

No, not at this time. Maybe when you go to change the email address associated with your Apple account.

 

[Rod]

So, if I made my Apple email address; myname@icloud.com my Apple account login along with a new password, I'm thinking that would require log out and log in for everything Apple related,
I know it did the last time I changed my Apple password.
It occurs to me doing one thing at a time would be best. Just changing my user name would be a first for me, whereas I changed my password in January.

 

[Jimmysb]

I just created a new Apple (iCloud [alias]) email address to replace my hotmail login. But, it takes a month (30 days) for the iCloud account to be a full iCloud account instead of just an alias.

Yes, created mine, waited the 30 days, then changed it to my primary Apple ID.

Why! Well having used my "own" emails address on everything I registered on was fine when I was using Windows, however the Same ID for Outlook, iCloud, Gmail etc means that you do not get the full benefits of various account, and as you get older (the real reason ) you can be easily confused.

 

[MacBiter]

If I'm clear on Have I Been Pwned, does that mean I shouldn't worry?.

 

[Rod]

That depends on your definition of "worry" I suppose, but it's a positive finding. Being pwned is established (very loosely) by knowing what data was contained in a breach. If no one knows yet what data was sold by who or even where it came from its a bit grey.
I work on the assumption that that it has been pwned, I know my @gmail.com account has been but my @live.com address has not, seems hard to believe but email addresses are pretty much public domain.