
My iMessage has been hacked

I went into the messages app on my computer recently and found out that more than 20 messages had been sent. The messages were all to Chinese numbers, and the messages were in Chinese.


Has anyone experienced the same? Is my account hacked?

MacBook Air, OS X El Capitan (10.11.3)

Posted on Mar 7, 2016 2:39 PM

188 replies

Oct 8, 2016 3:03 PM in response to Ralph-Johns-UK

Strange thing; Apple couldn't see any evidence that the account was used by anyone else. They told me that iMessage is a separate system to the iCloud system. Doesn't trigger emails to account holder. They could not see any devices on the ID other than our iPhone and couldn't see evidence of anything else. In fact, the only thing they could see was my contact to them saying this happened.

Either they're incompetent or the system doesn't show this login info, or truly this is a new type of attack.

No evidence of anything anywhere. No password change. No login notifications. No devices showing in iCloud, Apple ID site or iTunes other than the iPhone, no purchases. No explanation from Apple. Nothing on their system. No explanation of how a message can sync onto a phone that's not using an Apple ID for iMessage other than someone used the number to send an iMessage 'somehow'.

When the Apple ID was activated it showed only her 2 email addresses in the receive list (and her number) that she has as reachable at. There are / were no alien details.

The moment we logged into Apple ID site we got an email about it. If there was an account compromise they logged into no service that triggers an email at all. Email 2FA so not compromised.

Thanks for all your info though.


My worry (after an off the cuff comment the seemingly less intelligent level 1 support made) was that perhaps the phone itself became compromised somehow. But she has received no bad emails or messages (unless it deleted itself). This doesn't fit with it being iMessage only.


I'm annoyed. We take security v.seriously. This password was secure. It was like 2 months old and due for change. The only non-iOS place it was entered was on Apple to order an Apple Watch.

This is all too strange. Nothing linking the victims. Unless we all bought Apple watches!

Oct 9, 2016 12:10 PM in response to iZian

Humm,


The second person to post after Linc's "change Password" advice states:-

... Now this morning, March 10th, it happened again. When I checked my phone this morning, it said my Apple ID had been used on a new iPod touch. So, I promptly changed my password. I'm concerned now about charges to my Apple account or cell bill... as well as privacy in regards to banking info, passwords, etc. ...


It then seems several other people report seeing an iPod Touch as the used device that joined the devices.

An iPod touch would use an Apple ID and not the iPhone Number.

If the user was only using a Mac and therefore only an Apple ID they would still be able to enter the Apple ID.


Technically they would need the password to access the iMessages servers.

Other than using an iCloud valid ID and checking the login with the Apple ID servers iMessages has nothing to do with iCloud.


In effect you can use a different ID for each server (iTunes, iCloud and its collection, Game Center, FaceTime, iBooks, iMessages, App Store).


If the iMessages servers are not listing an additional Device then it must be some form of attack outside of a basic Account hack.


There also seem to be differences in how people come to find out their iMessages account is being used.

Some seem to see the messages.

Others appear to describe the Pop ups about a "New Device" but others do not.

As this 10 page Thread has progressed it also seems there is a change in the reporting or what people are seeing and it does not appear to be quite the same now.


I am still at a loss as to how it is happening and whether the accounts are really hacked.



8:10 pm Sunday; October 9, 2016


​  iMac 2.5Ghz i5 2011 (El Capitan)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb (Snow Leopard 10.6.8)
 Mac OS X (10.6.8),
 iPhone and an iPad (2)

Oct 9, 2016 12:37 PM in response to lightloveprana

Hi,


The same what exactly?


In System Preferences > iCloud there are no settings for iMessages, FaceTime, iTunes, The App Store, Game Center, iBooks to name some of the services that you might need an Apple ID for.


That said the iMessages ID must also be iCloud valid even if it is not being used as the iCloud ID.


The iMessages account on the Mac logs into the iMessages Servers and as part of that checks the ID against the Apple ID servers.

However the Mac also uses an Auth Token to "prove" that the call is from your Mac (it is based on the Serial Number).

All devices that use iMessages use the Serial Number to make a Device Specific Login.

i.e. it is impossible to spoof the Mac or iPhone or other devices.


There is no check though when adding other devices.

Someone with access to your Apple ID and password could add another device.

It can start sending Messages even before you accept the pop ups on other devices and Denying the pop up only adds the device/ID used as an Alternative but in an inactive form.


Potentially there is some risk to your iCloud account if you use the Same ID in iCloud.


On the Apple ID site you can see the devices listed that people can contact you On.

The list does not point out which are iMessages, which are FaceTime or the Game Center.

They are not listed for Mail (iCloud), Photos (iCloud)

However these also cannot be removed.


At present nothing in this thread has suggested that an iCloud account (if the ID is used in both places) has been compromised other than somehow iMessages from non registered devices are getting into the system.




8:37 pm Sunday; October 9, 2016

Oct 9, 2016 1:24 PM in response to Ralph-Johns-UK

That's what worries me. Apple level 2 tech are happy to just put this down to the user giving away their password and they can sleep at night. It gets escalated no further. Why can't you spoof a serial number? Perhaps before they attacked by logging into iCloud first if it is an account hack and because that gave warnings they have changed to just log in against iMessage. Perhaps there's a brute force hole in iMessage? We will never know and Apple don't care.


All I have is speculation though. Since I have no access to their system. No log of activity. Just some iMessages on a phone with nothing else at all. But there seems to be a volume of people with this issue. Forget the small number we have here; when you have news that someone has called up their carrier in the U.K. and been refunded the £600 ($601) because the support guy has heard "a lot about this to other people". The victims only have in common that they use Apple devices.

Oct 9, 2016 2:44 PM in response to Alex53135

At around 3:50 am PST I had my iMessage send out what appears to be spam messages to China as well. I received two separate emails from Apple, first stating that my Apple ID was used to sign in to iMessage on a MacBook I do not recognize and second, that my Apple ID was used to sign-in to iCloud from IE on a windows PC. Both of which I did not do.


Aside from changing Apple ID password/security questions. I was told on the phone I cannot update to 2 step verification for 3+ days.


My guess, is all of our passwords were compromised either by a bot, or Apple security leak. When viewing Devices, it only shows active, which are both correct even though my emails and iMessage seem to have been accessed by devices not visible to me. Is there a way to view all previous SN/devices/IP address that were used? I do not need to know this info, only for Apple Support to confirm that a separate device accessed my account and how that was done(password entered).


*edited: furthermore, I believe I was locked out of Apple ID a second time sometime today. Appears the bot/person is attempting to access Apple ID again.

Oct 10, 2016 4:52 AM in response to whompped

On finding out we had been compromised on iCloud and Mac & phone last week, we at first tried changing the email & password set for the account we already held. It worked for a short number of hours. Tried to log in again and it was saying that we couldn't and passwords were not recognised. So in the end we lost out on any iTunes purchases or apps made to this account and had to choose to rid this hack by opening a brand new Apple account and starting all over again by rebooting Mac & phone 😟 Very disappointed that Apple don't seem to think this is important enough. Shall we rebill you for our music and apps that we have lost?? Think about that.

Oct 10, 2016 12:32 PM in response to iZian

Hi,


A link would be helpful.


iMessages either go as Data via the Carrier if there is no WiFi or they go over the WiFi to the Internet.

I doubt, based on the number reported here that the data amount would run up such charges even if there was no WiFi route to the Internet.


I must admit since I posted this in the Lounge where the Hosts can see it they have not made a response to indicate that they have bumped it upstairs.




8:32 pm Monday; October 10, 2016

Oct 10, 2016 4:08 PM in response to Ralph-Johns-UK

It was on Reddit I believe. I'll have to trawl.

It's not data. Consider this scenario: it costs 50p to send a SMS to China (perhaps). Consider the SMS is 160 characters. Actually, when you use a character set with emoji like these spam that limit is now 70 per SMS. Also, each new line and multi byte emoji (or Chinese symbol?) takes up 2 of those 70 limit. Then the limit is effectively about 40.

Let's say £600 at 50p is 1200 SMS

1200 SMS?? From 120 iMessages ? 3 batches of 40.

That's 10 SMS per iMessage attempted. 400 characters at 40 per message in emoji and Chinese. Plausible?

But how the SMS? There's a setting in messages that I have turned off; send as SMS. When the target doesn't have iMessage or the data network isn't available, send as SMS.

Now I've not confirmed this last part yet; but when I had this setting on and my home wifi went down years ago I ended up sending an SMS to the USA because the iMessage "times out".

All these undeliverable spams (to non iPhones?) or if your data drops, can the phone with this setting start trying to send them as SMS for you instead?


That's my theory. If I'm wrong, phew. Problem for me to test is my Mac is authorised to send SMS messages anyway even without the send as SMS setting turned on. So not sure what would happen or how to do a test without getting all my accounts off the Mac and starting over.
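
The segment arithmetic discussed in the post above can be worked through with the standard SMS limits. This is an added example, not part of the original post: it counts segments using the GSM-7 limits (160 characters single, 153 per concatenated part) and the UCS-2 limits (70 single, 67 per part), then prices a batch using the post's own figures of 120 messages, 400 characters each and 50p per SMS. The function names and the sample message are constructed for illustration.

```python
# GSM 03.38 default alphabet: one septet per character.
GSM7_BASIC = set(
    "@£$¥èéùìòÇ\nØø\rÅåΔ_ΦΓΛΩΠΨΣΘΞÆæßÉ !\"#¤%&'()*+,-./0123456789:;<=>?"
    "¡ABCDEFGHIJKLMNOPQRSTUVWXYZÄÖÑÜ§¿abcdefghijklmnopqrstuvwxyzäöñüà"
)
# Extension table: escape + character, so two septets each.
GSM7_EXT = set("^{}\\[~]|€\f")


def char_costs(text):
    """Return (encoding, list of per-character unit costs)."""
    if all(c in GSM7_BASIC or c in GSM7_EXT for c in text):
        return "GSM-7", [2 if c in GSM7_EXT else 1 for c in text]
    # Any other character forces UCS-2 for the whole message; characters
    # outside the BMP (most emoji) need a surrogate pair, i.e. two units.
    return "UCS-2", [2 if ord(c) > 0xFFFF else 1 for c in text]


def sms_segments(text):
    """Return (encoding, number of SMS segments needed for text)."""
    encoding, costs = char_costs(text)
    single, multi = (160, 153) if encoding == "GSM-7" else (70, 67)
    if sum(costs) <= single:
        return encoding, 1
    # Concatenated SMS: a header shrinks each part; pack greedily and
    # never split a two-unit character across parts.
    segments, used = 1, 0
    for cost in costs:
        if used + cost > multi:
            segments, used = segments + 1, 0
        used += cost
    return encoding, segments


def fallback_cost(messages, price_per_sms):
    """Total charge if every message were sent as SMS instead of iMessage."""
    return sum(sms_segments(m)[1] for m in messages) * price_per_sms


if __name__ == "__main__":
    spam = "中" * 400  # constructed sample: 400 Chinese characters
    print(sms_segments(spam))              # encoding and segments per message
    print(fallback_cost([spam] * 120, 0.50))  # pounds, at 50p per segment
```
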

Oct 11, 2016 12:25 PM in response to iZian

Hi,


Yes Text Forwarding would have to be On.

Which in turn means the Send as SMS option is On.


As most of the pics of individual iMessages are the Blue Send type we know they are being sent as iMessages.


A pic of the iPhone's collection of open/started chats does not show whether they are incoming or outgoing iMessages or even if they are SMS in either direction.


I do concede that some people might have the option to send as SMS and that in some cases the Apple ID could be used (to other iPhones as in the pics).


I think we need more info on that front.



8:25 pm Tuesday; October 11, 2016
