Q: It seems that someone stole my icloud email acct

Change your password and Apple ID password.

That is always the question, just how did they get the info...sometimes from your own accessing while in a place with an unsecured WiFi and they use a sniffer to grab IDs and passwords, or looking over your shoulder as you enter info, or a smartphone in video mode near you..or you let a friend use it who was eavesdropped on, and on and on.  It gets really hard to say how, the real concern now is to lock it down...new passwords all around.

It's most unlikely anyone has hacked your account, and neither is it necessary to produce this effect; though you should change your password as a sensible precaution anyway.

When people receive emails which appear to come from their own address but they haven't sent they naturally tend to be concerned: however it's most unlikely that anyone has hacked their account, they've just been targeted by one of two common spammers' techniques: both arise because it's all too easy to forge the 'from' address on messages to be something other than the real one.

There are two things that can happen. One - which is probably the one affecting you - is that the sender has forged the 'from' address to be the same as the 'to' address (so other people will see it coming from themselves, not you), presumably in the hope of confusing spam filters. It's harmless, if extremely annoying. Delete it (never ever answer spam or try to unsubscribe from it), and you don't need to be worried about it.

The other problem is that a spammer is forging your address as the 'from' address on a whole batch of messages. The first thing you hear about this is when you start getting bounce messages because the spam has been sent to non-existent addresses and is being bounced to you. There's no point at all in responding to it. It's infuriating but normally stops after a bit as they move on to another forged address.

There isn't really anything you can do about it: closing the account isn't really worth the hassle unless you are totally swamped, because you will have to tell everyone your new address. Apple can't really do any more than they already are about spam.

While I agree, Roger, I am still a big fan of periodically changing passwords to make account access a little more dificult for people who don't belong there.  It is all too easy to get access to someone's accounts because the majority of people just don't think in terms of system security...how many Mac users don't even create user accounts when they take their new machine out of the box?  And operate using an unprotected admin account?

Anyway, in the bad ole days before we had all the user-friendly GUIs it was harder to fake an email because it was so hard to block the full disclosure track the email came through.  The verbose header showed every IP address it went through.  Of course there were so few using the Internet then it was less of a problem...and many of us knew who the malcontents were anyway.

Guess this is rambling so better stop.