Apple’s Family Sharing feature on iOS was introduced in 2014, enabling iPhone and iPad users to share photos, iCloud storage and iTunes media content with up to five family members.
Unfortunately, it appears the family-friendly feature isn't as secure as one would expect, with reports of Chinese scammers hijacking Apple IDs via Family Sharing and using them to make purchases worth hundreds of dollars.
According to a reader email sent to Business Insider, one user was unable to download apps onto his device as his account was linked to Family Sharing, something he doesn’t remember setting up. The only way out was to remove himself from the sharing feature, which required the permission of a Chinese person whom he had no idea how to get in touch with.
While Apple support was able to get him out of the Family Sharing mess, it's since become apparent that the Business Insider reader wasn’t alone.
App Store shopping spree
A quick search online reveals that scamming unsuspecting iOS users has been going on for a while. Discussions on both Reddit and Apple Community date back to 2016, with people complaining of being added to a ‘family’ or having unfamiliar people added to their Family Sharing account.
According to one user, a scammer from Youku, China, was able to make app and iTunes purchases using a second account associated with his own — something he never did himself. Again, Apple was able to help him sort this out, meaning that the Cupertino company is fully aware of the problem.
Whether there’ll be a proper fix for this is anyone’s guess, but there are ways you can protect yourself from similar scams.
Going through the forum threads, it’s clear that most people either used the same password across multiple accounts or didn’t have two-factor authentication turned on, making it rather easy for their Apple IDs to be hacked.
Firstly, it’s important to check if any of your online account details have been leaked. The Have I Been Pwned database has a complete list of known breaches; all you need do is enter your email address.
Ensuring you have unique passwords for all your accounts will also help keep you safe in case of a data breach — if one username and password has been compromised, you’ll know that your other accounts are fine, as they don’t share the same details.
However, the best way to keep your Apple ID secure is to enable two-factor authentication on your iPhone or iPad. This will prevent anyone using your username and password from gaining access to your account without a six-digit verification code that’s sent directly to your device.