My iMessage has been hacked

I went into the messages app on my computer recently and found out that more than 20 messages had been sent. The messages were all to Chinese numbers, and the messages were in Chinese.


Has anyone experienced the same? Is my account hacked?

MacBook Air, OS X El Capitan (10.11.3)

Posted on Mar 7, 2016 2:39 PM

188 replies

Oct 7, 2016 1:03 PM in response to tteggols

You are correct in that you are not receiving spam. Your account was hacked and it was being used to send out spam. If it is repeatedly getting hacked, you need to take some extra steps. Change the password on your email account. It's possible your email is hacked and they are using it to access your Apple ID. Upgrade the security on both your email and your Apple ID to a two-factor method. For your Apple ID, it's called Two-Factor Authentication. Two-factor authentication for Apple ID - Apple Support

Tip: If your iPhone is your only Apple device and you turn on Two-Factor authentication, make sure you add an extra trusted phone number to your account so you can still sign in to your Apple ID if you lose your iPhone.

Oct 7, 2016 1:43 PM in response to mamawildbear

This might be correct for some. But as we found there were no security alerts; no changes and no new devices. The messages settings on the iPhone weren't even using the Apple ID at the time. We had the button at the top that said something like "use Apple ID for iMessage".

There's been no indication of anything other than these messages. Nothing else; for us!

Oct 7, 2016 1:52 PM in response to iZian

Hi,


If you read the first few replies there seemed to be no indication other than the display of the sent iMessages.


Other than changing your Password and enabling Apple's 2 step verification which also needs App Specific passwords to be set up in addition for Messages and FaceTime there is not a lot to be done.


Whilst this thread is 110+ replies and 9 pages these are still relatively low numbers of people involved.

I understand there are other threads in Using iPhone and other forums here at the Apple Discussion pages.

9:52 pm Friday; October 7, 2016


 iMac 2.5Ghz i5 2011 (El Capitan)
 G4/1GhzDual MDD (Leopard 10.5.8)
 MacBookPro 2Gb (Snow Leopard 10.6.8)
 Mac OS X (10.6.8),
 iPhone and an iPad (2)

Oct 7, 2016 2:00 PM in response to iZian

Check the "in response to" header of my reply. I was replying to a different user whose account was hacked. In your case it might be different. However, just because your current device isn't signed into iMessage doesn't mean someone didn't hack your account and start using iMessage on a different device. If you're not signed into iMessage you might not get the popup notifying you of a new device. I'd still change your password if I were you. As well as your email passwords and the passwords on any accounts where you have reused the same password.

Oct 7, 2016 2:44 PM in response to mamawildbear

Thanks, yeah I saw it wasn't a reply to me. Just clawing for any more info really. Question though: if the account was hacked, we got no email about a new device; when we signed in on a browser we got an email about it.

Second: if the messages were sent from her Apple ID on iMessage, how did she see them on her iPhone that wasn't using the Apple ID for iMessage? (Is this a new thing that an iPhone can just use the phone number, is this some kind of pseudo account then in order to do this? And if so could that pseudo account be compromised? This is a huge leap. I'm trying to figure out how the messages actually showed up on her phone when she wasn't using an Apple ID for messages.)

Oct 7, 2016 8:46 PM in response to Alex53135

Same thing happened to me tonight. Got a notification that my Apple ID was in use on a different computer. Logged into my Apple ID site and didn't see another device connected (actually, only saw my MacBook, not even my iPhone). Then went to send a text message from my phone and saw I had 35 iMessages to China (+ 85 numbers). Changed my password and changed my Apple ID email and the messages stopped. Have to wait 2 days to add 2 step verification since I just changed my Apple ID email, but this hack is clearly still a problem.

Oct 8, 2016 2:12 AM in response to Pixierazz

That's totally strange also. I thought that to be able to see and remove devices you have to answer security questions as well as know the password.

In our case, we had a reasonably secure password that hasn't been used for anything other than Microsoft; and the login credentials haven't been used on anything other than the dialogue boxes on the iPhone to sign into the iTunes Store. No phishing attempts. Email address has been secured with two-factor authentication; so no notifications via email would have been able to be deleted.

Admittedly, my computer background is as a Java programmer of over 10 years; I've not specialised in security systems, but I'm having a real difficult time identifying how this happened to us. Absolutely zero evidence of any activity on the account, or a hack.

I also can't see anything in common with this account, and people also listing that they've been hacked. Different countries, different service providers, different email providers.

The only exception to the above is that we ordered a new Apple Watch and entered the Apple ID credentials on the Apple site when ordering very recently. That's the only place they've been entered really since the password was last changed that wasn't on the iPhone with a black keyboard in iTunes.

The only reason it didn't rack up the phone bill was because we have the send as SMS setting switched off. That being said, if they had access to the Apple ID account why didn't they use either of the two credit cards on the account to make any purchases? Or something.

That all this with the fact that iMessage wasn't using the Apple ID at the time, I'm completely utterly clueless as to what has actually happened.

Granted, I can see that with the same sort of messages being sent, other people have clearly had the Apple ID compromised in some way, even though they sometimes have new passwords and it seems almost impossible, and they report that after changing the password the attack can continue or repeat, the advice for us to change our password seems quite strange. We cannot turn on 2FA yet and if this password has been compromised, it was a reasonably secure password, what's to stop them getting the next secure password?

Put it this way, aside from the fact that I hadn't recognised that Apple offered 2 factor authentication until just the other day, we aren't a pair of newbies when it comes to security. We know how to spot a phishing email, broken security, malicious websites; we have 2FA on most accounts. This makes zero sense to me, if Apple has not been compromised / the iPhone itself.

Sorry for the wall of text

Oct 8, 2016 7:45 AM in response to iZian

I agree with you. It is very strange. I had a friend who thought it was probably due to the Yahoo breach that allowed hackers to steal 500 million user names and passwords. I thought that sounded reasonable because the hackers could try those passwords on Apple and see if they worked. However I've asked a lot of people who had their Apple ID compromised and not all of them used Yahoo and not all of them used the same password for their Apple ID as they did in Yahoo. No one is getting any notice of a password change on their Apple ID and they can all still login with the existing password. That means the hackers are somehow discovering the password. How? If they were just randomly guessing, accounts would be getting locked.

Oct 8, 2016 8:17 AM in response to mamawildbear

I have just got off the phone with Apple Care and spoke to senior advisors.

They agreed that the strange thing in my case was that the iPhone we used wasn't signed into the Apple ID for iMessage at all. Apple Care did suggest that I wouldn't receive an email if the device they used was just used to sign in on iMessage as that's not part of the iCloud system.

However we kept revisiting the fact that the phone wasn't used with the Apple ID for iMessage. They made sure to tell me that the account could have been compromised from another service; but we are secure and the only other service that used this password was Microsoft, and that had 2FA on it so the email wasn't compromised.

Finally, revisiting the lack of Apple ID in our case; the tech conceded that we might never know what really happened. But we both thought that it could be possible that they used iMessage to send as her phone number somehow and that synced back to her phone via iMessage. My thoughts on that were primarily because to sync iMessages between my Mac and my iPhone I had to sign in to my Apple ID on both to get it to work. But since she wasn't signed in to her Apple ID on that phone for iMessage or FaceTime; how could the messages get synced to her device; the only slightly reasonable explanation was that they sent with the phone number. But how that's possible? He couldn't answer.

We went through about 10 other ways the account could have been compromised, the only way that was half plausible was if they knew her security questions or card details. But since the password wasn't changed and there's nothing that links her card details to her Apple ID email (hacker might have one but unlikely both) and she herself could hardly remember her obscure answers to her questions, unlikely too. And still didn't explain the lack of Apple ID on iMessage.

In short; our problem is not resolved; we have changed password and will enable 2FA but any device already signed in won't be challenged. But he said no devices were signed in to iMessage. The point, not even hers because she wasn't using it on her Apple ID.


My feelings on this? Due to the world wide scale of this; the fact people had just changed their passwords, people without Apple ID in use even, I think there's something wrong at Apple's end here. I hate to believe it, people will call it impossible, but the crucial thing in our case was the Apple ID was not in use for that phone number. The only way to sync to the phone was through the phone number; how can the attackers then compromise an iMessage account that's not linked to anything, has no ID, no password, no email? This stumped Apple and us. They're happy to put it down to account security even though everything points to it not being.

Oct 8, 2016 1:32 PM in response to iZian

Hi,


The Messages app that could iMessage was on the iPhones long before iChat was corrupted into Messages on the Mac.


Initially the iPhone could have the Apple ID added and both would "see" the iMessages but this form of Syncing back in Mountain Lion (OS X 10.8) and Messages 7 was very limited.


The iPhone number has to be verified first but has always been its own iMessages ID.

It becomes device specific by using the Serial Number.

That gets added to the Mac version at the OS X 10.8 update and makes Messages version 7.0.1


Improvements to the "Display on All Devices" type of "sync" Apple uses have followed and at Yosemite and iOS 8 you could also add in SMS/Text Forwarding.


How and where you are in this process and whether you have "unlinked" the devices will play a part on which devices see what iMessages.


I have two iCloud valid Apple IDs and at one time had two iPhones.

I used an Apple ID with each.

At first only one was linked to the Mac version of Messages then I was offered to link them.

At the time I thought it would keep some of the info separate but soon the second iPhone was getting iMessages sent to the other iPhone's number and the other ID.

I used this to remove the iPhone number https://selfsolve.apple.com/deregister-imessage

There is no place to remove an Apple ID.

The second Apple ID literally pops up now and then when a device spends too much time not logged in to iMessages.

Even if you say no to the pop up it is still added to the device but as an inactive option.

It is easier to remove the ID on the iOS devices (remove this email in Messages' Send and Receive Settings) than it is on the Mac.


Where your devices sit on this history and how many changes you have made along the way will have an influence.


Having said that if you are saying the iPhone has never been linked to an Apple ID but it is seeing iMessages not sent by it then that would be a first.


9:32 pm Saturday; October 8, 2016



Oct 8, 2016 2:03 PM in response to Ralph-Johns-UK

That's a lot of good info there.

So she might have been in some sort of hybrid state then. She had her Apple ID in use on that iPhone for iTunes and for iCloud etc. But none for FaceTime and iMessage. On Apple's system they could see no device logged in with the Apple ID for FaceTime even after we enabled the Account on iMessage.

That being said; she has never used iMessage on anything but her iPhones. I can't attest if she ever had used the Apple ID in the past but at the time this "attack" happened; iMessage was turned on and in Send & Receive there was just the mobile phone number (once) and an option to use Apple ID for iMessage that when selected required the account password.

In retrospect I should have tried using her account in another device first to see what would have happened.

Oct 8, 2016 2:23 PM in response to iZian

Hi,


I saw your more detailed posts about speaking to Apple after my post.


That said there are possible hybrid states as you call it.

The Apple ID site will list Active IDs https://appleid.apple.com/#!&page=signin

Then the Account page and further down that page "Reachable at" (it reads next to it the following)

Adding contact information helps friends and family reach you using iMessage, FaceTime, Game Center, and more.

What you cannot do there is remove any of the listed items.


My iMessages Account is based on my Oldest Apple ID (an old dial-up account)

I linked that to iCloud when iCloud came out and got an @me.com ID and later an @iCloud.com one as well.

The @me.com one is actually listed as my Main ID but also as an Alias. (i.e. it is listed twice).


Effectively it mixes iTunes, iCloud and iMessages IDs in this section (Although I do use them all in mail in some form - two are linked as one Mail Account (@me.com and @icloud.com). )


Even though at one level my original ID and @me.com and @icloud.com are linked the Messages App does seem to treat them as Separate IDs when listing them for iMessages.


As you say knowing the Apple ID and seemingly the password should give them access to this page (I am sure Apple Can tell when it was logged in to and from where).

However as far as I know you can only link the iPhone and Apple ID by manually entering it on the iPhone.

It is not possible from what I know to add the iPhone from the Apple ID page (you can add IDs (emails) at the "Reachable at" option).


However some of this is conjecture and speculation at best. (backed by 15 years with iChat and Messages).

There are still gaps in my knowledge when it comes to the absolute finest details of how it works in some circumstances.




10:23 pm Saturday; October 8, 2016



Oct 8, 2016 2:29 PM in response to racerhomie

Hi,


As I posted you can't remove IDs from the "Reachable At" section of your Account settings at Apple ID.

The iTunes Servers are separate from the iMessages ones.


You can in fact use different Apple IDs for iMessages, FaceTime, iCloud, iTunes, Game Center and so on.

It makes sense to use the same in some places such as FaceTime as it can be invoked in iMessages chats and it makes sense your Contact sees the same caller.

Also the iTunes and App Store can access the same payment details/pot of Money if using the same ID.


Using a joint, family Apple ID in iMessages is not recommended as everyone can see everyone else's iMessages


Removing Devices on the Apple ID pages is a better option.

That said removing them from iTunes should happen as you change iPhones and iPads as part of the update process.




10:29 pm Saturday; October 8, 2016


