Some random MacBook signed into iMessage with my ID?

Any chance you used the same password somewhere else? Somewhere that was compromised? I recently had my first ever BitCoin threat/scam and they did indeed know a password I had used - but it was one I had used years ago when I first set up my Sony PS store account so had already been changed several times since. Sony was indeed hacked some years ago and passwords stolen, and those passwords then get past around on the web. People will try to use them for scams or to access accounts based on your email address or name.

it’s one good reason to use keychain and/or invest in a good password manager (I use mSecure but 1Password is also well reviewed) and never use the same password with two or more sites or accounts.

BTW, yes, that message seem to be authentic and follows the format of the ones I receive when I get a new device and first sign in to iCloud on it.

It would be pretty hard to spoof an Apple push notification, which uses the same text as the email they send. Push notifications require your consent so anyone spoofing one would have to actually physically replicate Apple’s push notification server.

Plus little things like proper spelling and grammar, which most scams actually do not get completely correct, and keeping the time in PDT (since Apple notifications are all based on their headquarters time zone). And including and sending to your primary verified AppleID email address. Those are all concordant with a legit message about a new device signin. The email should also have come from noreply-at-email.apple.com (with of course the -at- being @).

It wouldn’t hurt to change other online passwords though as you only know about exploits often long after the fact (how many have only become public years after the fact).

The fact you were able to re-secure your AppleID is a good sign though - the crook will now be blocked from access.

If you only have a single Apple trusted device though, with 2FA it would be wise to register another trusted telephone number. You can receive 2FA codes on any trusted voice or SMS capable telephone number (my backup number is a Google Voice number, so even a VOIP number can work).

You should be good with the password change, 2 Factor Authentication, and removing the device from your Apple ID. I don't know how it happened.

This same user named “macen的iMac”. signed into my account at 07:19EST this morning.

If you follow the extra security steps that LibraryWhale did, you should be okay.

I get that same message every couple weeks (same user, same 13" macbook, etc.). I have a feeling it's a scam, I just don't know the scam.

Your Apple ID (xxxxxxx@xxx.com ) was used to sign in to iMessage on a MacBook Air 13" named “macen的iMac”

I've gotten this same message several times over the past few weeks. It must be a SCAM?

You can do the steps the original poster did to secure your ID.