Someone trying to hack my Apple password using security questions

I keep getting these emails every day, someone is trying to hack my account clearly:


“We were unable to reset the password for your Apple Account (xxx@gmail.com) because there were too many unsuccessful attempts to answer your security questions. To protect the security of your account, you will not be able to reset your password for the next eight hours.”


When I go into my Apple settings I see that I have 2 factor authentication enabled but I don’t see anything related to security questions. (I want to change them)


How exactly are these hackers trying to answer these security questions? Do I need to be concerned?

Posted on Dec 21, 2025 6:14 AM

Question marked as Top-ranking reply

Posted on Dec 21, 2025 12:34 PM

As I said before, if you are using two factor authentication then there are no security questions. If you set two factor it is impossible to then have security questions.


Bogus from scammers. They don't care if they got things right. They can send out an email to 100,000 people and if even 20 people try to sign into a fake "Apple" web page and reveal their account information, the scammers have won.


Read this document if you think your Apple Account has been compromised. --> If you think your Apple Account has been compromised - Apple Support


For iOS 15 or earlier, if you want to see if anyone else has access to your device or accounts, click here --> Checklist 1: Limit device and account access - Apple Support


For iOS 16 or later see how Safety Check on iPhone works to keep you safe. Safety Check for an iPhone with iOS 16 or later - Apple Support


Use the information in this document to check your Apple ID device list to find where you're signed in --> Check your Apple Account device list to find where you’re signed in - Apple Support


Related materials:

Personal Safety User Guide

Personal Safety User Guide - Apple Support

> open the Table of Contents and review the articles


A document with general information about security and your Apple ID --> Security and your Apple Account - Apple Support


Contact Apple for help with Apple ID account security. This page provides country-specific Apple Support contact information ➞ Contact Apple Support - Apple Support


40 replies

Dec 21, 2025 11:05 PM in response to InformedBuyerR

InformedBuyerR wrote:
when I go into my Apple settings I see that I have 2 factor authentication enabled but I don’t see anything related to security questions. (I want to change them)

That is the part that does not make sense because there is no such thing as having security questions when 2 factor authentication is turned on. You can't find them because they are not there and no one else is able to find them either. Two Factor Authentication also cannot be turned off, so there would be no way to return to security questions.


I suspect the gmail address seen in the email is not EXACTLY the same as what you are using on your Apple Account. You are seeing you have 2FA on your actual Apple Account, not the one that is slightly different in the email. Look for characters such as the lower case L (l) and the uppercase I (I) that could look exactly the same, or other differences that could be easily overlooked.
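
The check suggested in the reply above, as an added example (not part of the original post): compare the address shown in the email with your own, character by character. The confusables table and the sample addresses are constructed for illustration and are deliberately small.

```python
import unicodedata

# Constructed, deliberately small confusables table (an assumption, not a
# complete list): characters that render alike in many fonts.
CONFUSABLE = {
    "I": "l", "1": "l", "|": "l",                 # uppercase I, one, pipe vs lowercase L
    "0": "o", "O": "o",                           # zero, uppercase O vs lowercase o
    "\u0430": "a", "\u0435": "e", "\u043e": "o",  # Cyrillic a, e, o
    "\u0440": "p", "\u0441": "c", "\u0456": "i",  # Cyrillic r, s, i
}

def skeleton(addr: str) -> str:
    """Fold an address to a rough 'visual skeleton' for comparison."""
    addr = unicodedata.normalize("NFKC", addr.strip())
    folded = "".join(CONFUSABLE.get(ch, ch) for ch in addr)
    # "rn" next to each other reads as "m" in many fonts
    return folded.replace("rn", "m").lower()

def compare(seen: str, own: str):
    """Compare the address seen in an email with your own address.

    Returns (verdict, diffs): verdict is "same", "lookalike" or "different";
    diffs lists (index, char in seen, char in own) with Unicode names.
    """
    a = unicodedata.normalize("NFKC", seen.strip())
    b = unicodedata.normalize("NFKC", own.strip())
    if a.casefold() == b.casefold():
        return "same", []
    diffs = [
        (i, f"{x!r} {unicodedata.name(x, '?')}", f"{y!r} {unicodedata.name(y, '?')}")
        for i, (x, y) in enumerate(zip(a, b))
        if x.casefold() != y.casefold()
    ]
    verdict = "lookalike" if skeleton(a) == skeleton(b) else "different"
    return verdict, diffs

if __name__ == "__main__":
    # Constructed addresses: the first has an uppercase I where the second has a lowercase L.
    verdict, diffs = compare("biIl.appleseed@example.com", "bill.appleseed@example.com")
    print(verdict)
    for d in diffs:
        print(d)
```

Paste the address from the raw message source rather than retyping it, since retyping replaces the character you are trying to detect.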

Dec 22, 2025 12:55 PM in response to InformedBuyerR

Security questions are no longer used — for new accounts. If your Apple Account has been in use for a long time then you probably configured them, and someone attempting to access that Account may be asked for them.


The attempt may be innocuous with possibilities ranging from someone who either misremembers his or her Apple Account credentials, is repeatedly mistyping them, someone who may be attempting to guess that information, or it could in fact be a determined "hacking" attempt from someone persistent. (It won't be successful.)


Apple's account security details are necessarily opaque. They change from time to time, and they are deployed in a manner intentionally designed to appear haphazard. Predictability is the antithesis of security (ref). Attempting to derive anything but the most cursory details is met with stony silence.


In any event as long as you enabled two-factor authentication then I would be reluctant to do anything at all. Lacking adequate confirmation of the legitimacy of any request (which will be difficult at best for anyone other than you to provide) Apple will do absolutely nothing. The attempts will eventually cease.


Definitely avail yourself of the Apple resources Limnos and others provided, and


Delete the spam, and move on with the rest of your day.


👍

Jan 14, 2026 2:31 PM in response to InformedBuyerR

InformedBuyerR wrote:

Your presumption is incorrect. The very fact that someone is able to attempt to answer my security questions is proof that the account is being actively hacked (this could be an attack using information previously leaked security questions, much like passwords) but that Apple is allowing them to access it despite having MFA enabled is a problem with Apple's security system.

Not even you can access your account by answering Security Questions when using 2FA. You are presuming that answering a Security Question on an account with 2FA would give a person access and that is purely speculation. It is going to be Apple that would have to determine from the server logs why you were sent that email, and anything that is unique to your account for why no one else is getting that email. If a hacker was able to bypass any security protections in place for 2FA, you would not be the only one that is targeted.


I suspect a server error and you were sent an erroneous email. Just yesterday I received an email from a Health Insurance company welcoming me to my coverage for the year and included Insurance cards after I had cancelled the plan over a month ago. After calling, it was determined to be a server error and I should not have received the email. Yes it does happen and my previous account was not compromised.


Jan 14, 2026 11:17 AM in response to InformedBuyerR

InformedBuyerR wrote:

I've reported the security loophole to Apple security services, let's see if they do anything about it.
The emails from Apple notifying me have not stopped, someone is still trying to answer security questions to reset the password despite having MFA enabled on the account. Clearly some hackers have found a loophole in their security apparatus! Maybe if others report it they will close the loophole. This is ridiculous!! Even MFA isn't safe anymore.

Keep us updated on the progress.


Is there some reason why you think that there is a loophole and hackers are only interested in targeting you? I would suspect that a loophole would be affecting a lot of users and this support site would be flooded with the same questions. We would see those posts here and there are none that I can find, even though there are hundreds of the posts related to the fake messages some have seen about an Apple Pay purchase made at another location.


It certainly may be a glitch of some kind related to your account, since it refers to Security Questions which are not part of 2FA at all. If you forget your password with 2FA turned on, you are not even given the option to answer any Security Questions in order to gain access to your account. It may be an erroneous email and nothing to do with someone trying to access your account. That is up to Apple to investigate since there is nothing that we can do to review server logs that would have prompted that email.


Apparently 2FA is safe because no one has been able to access your account, is that correct?

Dec 22, 2025 2:37 PM in response to John Galt

This article seems to be pretty firm that you only see security questions if you are not using two factor --> Change your Apple Account security questions - Apple Support


If you haven’t upgraded your Apple Account to two-factor authentication, your account might use security questions to help keep it secure.


If you don’t want security questions … you can set up two-factor authentication.


Account Recovery only applies if you are using two factor (and this is not what the OP is asking about). I have never, ever in all the years of two factor ever seen anybody say they were asked for old security questions when using Account Recovery. In fact, many accounts never had any.

Dec 25, 2025 12:59 PM in response to InformedBuyerR

InformedBuyerR wrote:

Well it’s not a one off. I keep getting the email from Apple every day / alternate day. Something is still trying to hack the loophole.

I just wish I could see what device or IP address is trying to answer the security questions despite having 2 factor auth.


IP addresses tell you approximately nothing, between mechanisms including Private Relay, OHTTP, Tor, I2P, and the zillions of compromised hosts that exist.


Report it here: Report a security or privacy vulnerability - Apple Support


As for the messages, set up some mail-handling rules for these mail messages in iCloud Mail settings or add a mail rule on a Mac, and file away the mail messages.

Dec 22, 2025 12:22 AM in response to Limnos

Is this a bot repeating the same thing over and over?


Yes, the Apple FAQs state that security questions are not used once 2 factor auth is enabled. But clearly there’s either a bug or loophole in Apple's security infrastructure because someone is able to access security questions despite enabling 2 factor auth AND Apple servers are sending me an email saying that someone is trying to access my security questions (thankfully that part of the security infrastructure is still working)


Clearly something is amiss within Apple's security infrastructure and there is some API or some way to get to one's security questions bypassing the 2 factor auth.

Dec 25, 2025 11:37 AM in response to InformedBuyerR

InformedBuyerR wrote:

That’s what I’m trying to point out here. There's a glitch or hole in Apple's servers which is allowing someone to access security questions. Guessing. It could be an old iOS version or some API or some old device that’s still using the security question APIs allows them to bypass the 2 factor auth.

The email is genuine and all links are leading back to Apple.com and the DKIM, SPF and Digital signatures are all valid and authenticated by Apple.

I mean a glitch causing that email to be generated. Not that someone is actually able to reset or even see any security questions in any way.


Mysterious, yes.

A break in Apple's system like this is unheard of though, so it makes it hard to believe.


Jan 14, 2026 5:30 PM in response to InformedBuyerR

InformedBuyerR wrote:

Still getting the emails, a few every week since Nov 2025…..sounds like brute force attempts to me. I’ve seen systems try to hack continually for months and years at public servers relentlessly.

I agree you need an answer from Apple on that and took the correct course of action to notify them and report a privacy/security concern. It is only when you start speculating on what is happening and making unfounded conclusions where you will be led astray. That is why I hoped you would keep us updated on what response you do get from Apple and their recommendations to you.

Dec 21, 2025 11:58 PM in response to Mac Jim ID

The email is valid and so is everything in the email. There’s nothing remotely wrong with the email. It’s coming from Apple's servers and the information is 100% accurate. I’ve been building IT systems for 30 years, including setting up and managing email and DNS servers and am more than familiar with email and DNS security protocols.


The only thing I’m not familiar with is Apple's security infrastructure. Somehow these folks are attempting to answer my “security questions” if I have 2 factor enabled? I’m not even getting any 2 factor auth requests. My suspicion is increasingly confirmed that these folks have found a backdoor into Apple's IDSMA infrastructure.

Dec 21, 2025 9:50 PM in response to Limnos

Geez - maybe I wasn’t clear enough. The emails are coming from Apple's servers. I’ve verified the email headers, SPF and DKIM signatures (if you don’t know what that is look it up). The email is NOT coming from spammers. Apple is warning me that someone is trying to change my password using my security questions but it’s been blocked due to incorrect entries. The links in the email lead to apple.com, the email is 100% genuine from Apple to me. This isn’t a “social engineering” attack (best not assume everyone is dumb - I’m not a newbie to security or IT systems).



My question is how are scammers / hackers even attempting to access my Apple security questions if I have 2 factor authentication enabled?


It sounds like folks think that that’s “impossible”; then I fear Apple has a hole or a backdoor in their IDSMA systems that someone is trying to exploit.
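
The header check described in the post above, as an added example (not part of the original post and not Apple's tooling): read the SPF, DKIM and DMARC verdicts from the `Authentication-Results` header and confirm that the passing domains align with the expected sender. The sample message is constructed; `mx.receiver.example` (your own receiving server) and `example.com` (the expected sender domain) are placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread). The second
# Authentication-Results header imitates one injected before delivery.
RAW = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.d=example.com header.s=sel1;
 spf=pass smtp.mailfrom=bounce.example.com;
 dmarc=pass header.from=example.com
Authentication-Results: attacker.invalid; dkim=pass header.d=example.com
From: Account Security <noreply@example.com>
Subject: Password reset blocked

body
"""

PROP = {"dkim": "header.d", "spf": "smtp.mailfrom", "dmarc": "header.from"}

def aligned(domain: str, expected: str) -> bool:
    """True if domain equals expected or is a subdomain of it."""
    domain, expected = domain.lower().rstrip("."), expected.lower()
    return domain == expected or domain.endswith("." + expected)

def check(raw: str, trusted_authserv: str, expected: str) -> dict:
    """Evaluate only the verdicts stamped by our own receiving server."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    out = {"from_aligned": aligned(from_dom, expected),
           "dkim": False, "spf": False, "dmarc": False}
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, _, rest = " ".join(hdr.split()).partition(";")
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue  # a sender can add this header too; skip foreign ones
        for clause in rest.split(";"):
            m = re.match(r"\s*(dkim|spf|dmarc)=(\w+)", clause)
            if not m or m.group(2) != "pass":
                continue
            props = dict(re.findall(r"([\w.]+)=(\S+)", clause))
            dom = props.get(PROP[m.group(1)], "").rpartition("@")[2]
            # a pass counts only if the authenticated domain is the expected one
            out[m.group(1)] = out[m.group(1)] or aligned(dom, expected)
    out["authentic"] = (out["from_aligned"] and out["dmarc"]
                        and (out["dkim"] or out["spf"]))
    return out

if __name__ == "__main__":
    print(check(RAW, "mx.receiver.example", "example.com"))
```

A passing result establishes which domain sent the message; it says nothing about what event on the sender's side caused the message to be generated.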
