Alex53135

Q: My iMessage has been hacked

I went into the Messages app on my computer recently and found out that more than 20 messages had been sent. The messages were all to Chinese numbers, and the messages were in Chinese.

 

Has anyone experienced the same? Is my account hacked?

MacBook Air, OS X El Capitan (10.11.3)

Posted on Mar 7, 2016 2:39 PM

  • by iZian,

    iZian Oct 7, 2016 1:43 PM in response to mamawildbear
    Level 1 (94 points)
    iPhone

    This might be correct for some. But as we found there were no security alerts; no changes and no new devices. The messages settings on the iPhone weren't even using the Apple ID at the time. We had the button at the top that said something like "use Apple ID for iMessage".

    There's been no indication of anything other than these messages. Nothing else; for us!

  • by Ralph Johns (UK),

    Ralph Johns (UK) Oct 7, 2016 1:52 PM in response to iZian
    Level 9 (73,348 points)
    Applications

    Hi,

    If you read the first few replies there seemed to be no indication other than the display of the sent iMessages.

    Other than changing your Password and enabling Apple's 2 step verification which also needs App Specific passwords to be set up in addition for Messages and FaceTime there is not a lot to be done.

    Whilst this thread is 110+ replies and 9 pages these are still relatively low numbers of people involved.

    I understand there are other threads in Using iPhone and other forums here at the Apple Discussion pages.

    9:52 pm Friday; October 7, 2016

    iMac 2.5Ghz i5 2011 (El Capitan)
    G4/1GhzDual MDD (Leopard 10.5.8)
    MacBookPro 2Gb (Snow Leopard 10.6.8)
    Mac OS X (10.6.8),
    iPhone and an iPad (2)

  • by mamawildbear,

    mamawildbear Oct 7, 2016 2:00 PM in response to iZian
    Level 1 (9 points)
    iCloud

    Check the "in response to" header of my reply. I was replying to a different user whose account was hacked.  In your case it might be different. However, just because your current device isn't signed into iMessage doesn't mean someone didn't hack your account and start using iMessage on a different device. If you're not signed into iMessage you might not get the popup notifying you of a new device.  I'd still change your password if I were you.  As well as your email passwords and the passwords on any accounts where you have reused the same password.

  • by iZian,

    iZian Oct 7, 2016 2:44 PM in response to mamawildbear
    Level 1 (94 points)
    iPhone

    Thanks, yeah I saw it wasn't a reply to me. Just clawing for any more info really. Question though; if the account was hacked, we got no email about new device; when we signed in on browser we got an email about it.

    Second: if the messages were sent from her Apple ID on iMessage, how did she see them on her iPhone that wasn't using the Apple ID for iMessage? (Is this a new thing that an iPhone can just use the phone number, is this some kind of pseudo account then in order to do this? And if so could that pseudo account be compromised? This is a huge leap. I'm trying to figure out how the messages actually showed up on her phone when she wasn't using an Apple ID for messages.)

  • by Pixierazz,

    Pixierazz Oct 7, 2016 8:46 PM in response to Alex53135
    Level 1 (4 points)
    Mac OS X

    Same thing happened to me tonight. Got a notification that my Apple ID was in use on a different computer. Logged into my Apple ID site and didn't see another device connected (actually, only saw my MacBook, not even my iPhone). Then went to send a text message from my phone and saw I had 35 iMessages to China (+ 85 numbers). Changed my password and changed my Apple ID email and the messages stopped. Have to wait 2 days to add 2 step verification since I just changed my Apple ID email, but this hack is clearly still a problem.

  • by iZian,

    iZian Oct 8, 2016 2:12 AM in response to Pixierazz
    Level 1 (94 points)
    iPhone

    That's totally strange also. I thought to be able to see and remove devices you have to answer to security questions as well as knowing the password.

    In our case, we had a reasonably secure password that hasn't been used for anything other than Microsoft; and the login credentials haven't been used on anything other than the dialogue boxes on the iPhone to sign into the iTunes Store. No phishing attempts. Email address has been secured with two factor authentication; so no notifications via email would have been able to be deleted.

    Admittedly, my computer background is as a Java programmer of over 10 years; I've not specialised in security systems, but I'm having a real difficult time identifying how this happened to us. Absolutely zero evidence of any activity on the account, or a hack.

    I also can't see anything in common with this account, and people also listing that they've been hacked. Different countries, different service providers, different email providers.

    The only exception to the above is that we ordered a new Apple Watch and entered the Apple ID credentials on to the Apple site when ordering very recently. That's the only place they've been entered really since the password was last changed that wasn't on the iPhone with a black keyboard in iTunes.

    The only reason it didn't write up the phone bill was because we have the send as SMS setting switched off. That being said, if they had access to the Apple ID account why didn't they use either of the two credit cards on the account to make any purchases? Or something.

    That all this with the fact that iMessage wasn't using the Apple ID at the time, I'm completely utterly clueless as to what has actually happened.

    Granted, I can see that with the same sort of messages being sent, other people have clearly had the Apple ID compromised in some way, even though they sometimes have new passwords and it seems almost impossible, and they report that after changing the password that the attack can continue or repeat. The advice for us to change our password seems quite strange. We cannot turn on 2FA yet and if this password has been compromised, it was a reasonably secure password, what's to stop them getting the next secure password?

    Put it this way, aside from the fact that I hadn't recognised that Apple offered 2 factor authentication until just the other day, we aren't a pair of newbies when it comes to security. We know how to spot a phishing email, broken security, malicious websites; we have 2FA on most accounts. This makes zero sense to me, if Apple has not been compromised / the iPhone itself.

    Sorry for the wall of text

  • by rofromcolorado springs,

    rofromcolorado springs Oct 8, 2016 4:24 AM in response to Alex53135
    Level 1 (8 points)

    Yes, I just woke up to the same thing!

  • by mamawildbear,

    mamawildbear Oct 8, 2016 7:45 AM in response to iZian
    Level 1 (9 points)
    iCloud

    I agree with you. It is very strange. I had a friend who thought it was probably due to the Yahoo breach that allowed hackers to steal 500 million user names and passwords. I thought that sounded reasonable because the hackers could try those passwords on Apple and see if they worked. However I've asked a lot of people who had their Apple ID compromised and not all of them used Yahoo and not all of them used the same password for their Apple ID as they did in Yahoo. No one is getting any notice of a password change on their Apple ID and they can all still login with the existing password. That means the hackers are somehow discovering the password. How? If they were just randomly guessing, accounts would be getting locked. 

  • by iZian,

    iZian Oct 8, 2016 8:17 AM in response to mamawildbear
    Level 1 (94 points)
    iPhone

    I have just got off the phone with Apple care and spoke to senior advisors.

    They agreed that the strange thing in my case was that the iPhone we used wasn't signed into the Apple ID for iMessage at all. Apple Care did suggest that I wouldn't receive an email if the device they used was just used to sign in on iMessage as that's not part of the iCloud system.

    However we kept revisiting the fact that the phone wasn't used with the Apple ID for iMessage. They made sure to tell me that the account could have been compromised from another service; but we are secure and the only other service that used this password was Microsoft, and that had 2FA on it so the email wasn't compromised.

    Finally, revisiting the lack of Apple ID in our case; the tech conceded that we might never know what really happened. But we both thought that it could be possible that they used iMessage to send as her phone number somehow and that synced back to her phone via iMessage. My thoughts on that were primarily because to sync iMessages between my Mac and my iPhone I had to sign in to my Apple ID on both to get it to work. But since she wasn't signed in to her Apple ID on that phone for iMessage or FaceTime; how could the messages get synced to her device; the only slightly reasonable explanation was that they sent with the phone number. But how that's possible? He couldn't answer.

    We went through about 10 other ways the account could have been compromised, the only way that was half plausible was if they knew her security questions or card details. But since the password wasn't changed and there's nothing that links her card details to her Apple ID email (hacker might have one but unlikely both) and she herself could hardly remember her obscure answers to her questions, unlikely too. And still didn't explain the lack of Apple ID on iMessage.

    In short; our problem is not resolved; we have changed password and will enable 2FA but any device already signed in won't be challenged. But he said no devices were signed in to iMessage. The point, not even hers because she wasn't using it on her Apple ID.

    My feelings on this? Due to the world wide scale of this; the fact people had just changed their passwords, people without Apple ID in use even, I think there's something wrong at Apple's end here. I hate to believe it, people will call it impossible, but the crucial thing in our case was the Apple ID was not in use for that phone number. The only way to sync to the phone was through the phone number; how can the hackers then compromise an iMessage account that's not linked to anything, has no ID, no password, no email? This stumped Apple and us. They're happy to put it down to account security even though everything points to it not being.

  • by Ralph Johns (UK),

    Ralph Johns (UK) Oct 8, 2016 1:32 PM in response to iZian
    Level 9 (73,348 points)
    Applications

    Hi,

    The Messages app that could iMessage was on the iPhones long before iChat was corrupted into Messages on the Mac.

    Initially the iPhone could have the Apple ID added and both would "see" the iMessages but this form of Syncing back in Mountain Lion (OS X 10.8) and Messages 7 was very limited.

    The iPhone number has to be verified first but has always been its own iMessages ID.

    It becomes device specific by using the Serial Number.

    That gets added to the Mac version at the OS X 10.8 update and make Messages version 7.0.1

    Improvements to the "Display on All Devices" type of "sync" Apple uses have followed and at Yosemite and iOS 8 you could also add in SMS/Text Forwarding.

    How and where you are in this process and whether you have "unlinked" the devices will play a part on which devices see what iMessages.

    I have two iCloud valid Apple IDs and at one time had two iPhones.

    I used an Apple ID with each.

    At first only one was linked to the Mac version of Messages then I was offered to link them.

    At the time I thought it would keep some of the info separate but soon the second iPhone was getting iMessages sent to the other iPhone's number and the other ID.

    I used this to remove the iPhone number https://selfsolve.apple.com/deregister-imessage

    There is no place to remove an Apple ID.

    The second Apple ID literally pops up now and then when a device spends too much time not logged in to iMessages.

    Even if you say no to the pop up it is still added to the device but as an inactive option.

    It is easier to remove the ID on the iOS devices (remove this email in Messages' Send and Receive Settings) than it is on the Mac.

    Where your devices sit on this history and how many changes you have made along the way will have an influence.

    Having said that if you are saying the iPhone has never been linked to an Apple ID but it is seeing iMessages not sent by it then that would be a first.

    9:32 pm Saturday; October 8, 2016

  • by iZian,

    iZian Oct 8, 2016 2:03 PM in response to Ralph Johns (UK)
    Level 1 (94 points)
    iPhone

    That's a lot of good info there.

    So she might have been in some sort of hybrid state then. She had her Apple ID in use on that iPhone for iTunes and for iCloud etc. But none for FaceTime and iMessage. On Apple's system they could see no device logged in with the Apple ID for FaceTime even after we enabled the Account on iMessage.

    That being said; she has never used iMessage on anything but her iPhones. I can't attest if she ever had used the Apple ID in the past but at the time this "attack" happened; iMessage was turned on and in Send & Receive there was just the mobile phone number (once) and an option to use Apple ID for iMessage that when selected required the account password.

    In retrospect I should have tried using her account in another device first to see what would have happened.

  • by racerhomie,

    racerhomie Oct 8, 2016 2:16 PM in response to Alex53135
    Level 1 (103 points)
    Wireless

    4 pieces of Advice

    • Change Apple ID password (Not used in another web account)
    • Enable 2 Key Authentication
    • Report Number as Spam
    • Remove devices you don't own from list in iTunes
  • by Ralph Johns (UK),

    Ralph Johns (UK) Oct 8, 2016 2:23 PM in response to iZian
    Level 9 (73,348 points)
    Applications

    Hi,

    I saw your more detailed posts about speaking to Apple after my post.

    That said there are possible hybrid states as you call it.

    The Apple ID site will list Active IDs https://appleid.apple.com/#!&page=signin

    Then the Account page and further down that page "Reachable at" (it reads next to it the following)

    Adding contact information helps friends and family reach you using iMessage, FaceTime, Game Center, and more.

    What you cannot do there is remove any of the listed items.

    My iMessages Account is based on my Oldest Apple ID (an old dial-up account)

    I linked that to iCloud when iCloud came out and got an @me.com ID and later an @iCloud.com one as well.

    The @me.com one is actually listed as my Main ID but also as an Alias. (i.e. it is listed twice).

    Effectively it mixes iTunes, iCloud and iMessages IDs in this section (Although I do use them all in mail in some form - two are linked as one Mail Account (@me.com and @icloud.com).)

    Even though at one level my original ID and @me.com and @icloud.com are linked the Messages App does seem to treat them as Separate IDs when listing them for iMessages.

    As you say knowing the Apple ID and seemingly the password should give them access to this page (I am sure Apple Can tell when it was logged in to and from where).

    However as far as I know you can only link the iPhone and Apple ID by manually entering it on the iPhone.

    It is not possible for what I know to add the iPhone from the Apple ID page (you can add IDs (emails) at the "Reachable at" option).

    However some of this is conjecture and speculation at best. (backed by 15 years with iChat and Messages).

    There are still gaps in my knowledge when it comes to the absolute finest details of how it works in some circumstances.

    10:23 pm Saturday; October 8, 2016

  • by Ralph Johns (UK),

    Ralph Johns (UK) Oct 8, 2016 2:29 PM in response to racerhomie
    Level 9 (73,348 points)
    Applications

    Hi,

    As I posted you can't remove IDs from the "Reachable At" section of your Account settings at Apple ID.

    The iTunes Servers are separate from the iMessages ones.

    You can in fact use different Apple IDs for iMessages, FaceTime, iCloud, iTunes, Game Center and so on.

    It makes sense to use the same in some places such as FaceTime as it can be invoked in iMessages chats and it makes sense your Contact sees the same caller.

    Also the iTunes and App Store can access the same payment details/pot of Money if using the same ID.

    Using a joint, family Apple ID in iMessages is not recommended as everyone can see everyone else's iMessages

    Removing Devices on the Apple ID pages is a better option.

    That said removing them from iTunes should happen as you change iPhones and iPads as part of the update process.

    10:29 pm Saturday; October 8, 2016

  • by iZian,

    iZian Oct 8, 2016 3:03 PM in response to Ralph Johns (UK)
    Level 1 (94 points)
    iPhone

    Strange thing; Apple couldn't see any evidence that the account was used by anyone else. They told me that iMessage is a separate system to the iCloud system. Doesn't trigger emails to account holder. They could not see any devices on the ID other than our iPhone and couldn't see evidence of anything else. In fact, the only thing they could see was my contact to them saying this happened.

    Either they're incompetent or the system doesn't show this login info, or truly this is a new type of attack.

    No evidence of anything anywhere. No password change. No login notifications. No devices showing in iCloud, Apple ID site or iTunes other than the iPhone, no purchases. No explanation from Apple. Nothing on their system. No explanation of how a message can sync onto a phone that's not using an Apple ID for iMessage other than someone used the number to send an iMessage 'somehow'.

    When the Apple ID was activated it showed only her 2 email addresses in the receive list (and her number) that she has as reachable at. There are / were no alien details.

    The moment we logged into Apple ID site we got an email about it. If there was an account compromise they logged into no service that triggers an email at all. Email 2FA so not compromised.

    Thanks for all your info though.

    My worry (after an off the cuff comment the seemingly less intelligent level 1 support made) was that perhaps the phone itself became compromised somehow. But she has received no bad emails or messages (unless it deleted itself). This doesn't fit with it being iMessage only.

    I'm annoyed. We take security v.seriously. This password was secure. It was like 2 months old and due for change. The only non iOS place it was entered was on Apple to order an Apple Watch.

    This is all too strange. Nothing linking the victims. Unless we all bought Apple watches!
