Q: security and hackers !!!

They got your password because you gave it to them.  That message was not from Apple but from a phishing scam artist.  Since you replied by going to the link, you gave them your login credentials.

You need to reset your AppleID password immediately.  Nobody hacked your iPhone, they hacked your iCloud account.

Sorry, but you are not talking to Apple here, we are all users, just like you.

As for your stolen iPhone. Are you sure that the notification you have gotten has been legit? Usually when you access your Apple ID features from another computer or iDevice, you will be notified by mail, not by SMS service. If you followed the link and gave them the AppleID and new password, that's how they were able to "hack" your phone and set it up with another Apple ID of their own.

The last time I logged in and out of iMessage on my Mac, Apple Support notified me via mail. There where no details about the IP address given, nor any link that will expire at some point in the future. The only link given was this one: https://appleid.apple.com.

No, when you gave them your iCloud login information, they were then able to go in and remove the device from your list of tracked devices, and send it a remote erase beforehand.  They basically can do anything that you could do with your account.

You need to go to https://appleid.apple.com/ and reset your AppleID password immediately, if you even can.  If you cannot, then try to regain control of it via https://iforgot.apple.com/password/verify/appleid or call Apple and tell them your AppleID has been compromised and you need help regaining control of the account.

Your data on the iPhone itself would have been inacessible due to the screen lock.  But with your iCloud account login, they would have been able to remotely erase it, then remove it from your list of tracked devices and re-activate it for their own use.  Since they could sign in to iCloud as you, they could also have restored from your iCloud backup and sync'd any of your synchronized content.  Again, they could do anything that you could do with your iCloud account.

There is nothing Apple can do about it. Sorry.

You don't know that they did... All you know is that you gave them the credentials for your iCloud account, allowing them to remove the activation lock.

It's likely that they don't care about your data at all. All they really wanted to do was wipe the phone and sell it. They have everything they need to be able to do that.

They did not need the password to your phone at all.  Once they had your iCloud password they could login to your iCloud account in a web browser as you, execute a remote erase to the very device they had in their hands, then disable activation lock.  Then, they simply activate the device anew, sign in to iCloud as you and sync your contact and restore your backup to the now wiped clean device.

You may wish to think about using 2-step verification so that your password is no longer the sole access code to your account - Frequently asked questions about two-step verification for Apple ID - Apple Support

Your iCloud account integrity is the key, since it controls remote access to the phone as well as activation lock.  Once your iCloud account is compromised, the hackers can control your device.

The one simple rule to follow is never, ever simply call a number in a message, follow a link in a message or give out your passcode to anyone, ever!  If you suspect an issue with your account, login to the appleID management web site yourself and check your account integrity, or call Apple and ask about it.  Always independently verify your own accounts through your normal account access portal or website.  And remember that Apple will never ask you for your AppleID password - never, under any circumstances (as clearly stated in their privacy legal documents section).