Q: My iMessage has been hacked

Could be...I also have an Apple Watch.  I was not using my wifi on my phone or computer when it happened to me. 

Yes but did you order it from Apple not long before you were hacked? It's a wild idea Based purely on where that password was ever typed in.

Same with me! Really concerned about the iCloud situation...

Humm,

The second person to post after Linc's "change Password" advice states:-

... Now this morning, March 10th, it happened again.  When I checked my phone this morning, it said my Apple ID had been used on a new iPod touch.  So, I promptly changed my password.  I'm concerned now about charges to my Apple account or cell bill... as well as privacy in regards to banking info, passwords, etc. ...

It then seems several other people report seeing an iPod Touch as the used device that joined the devices.

An iPod touch would use an Apple ID and not the iPhone Number.

If the user was only using a Mac and therefore only an Apple ID they would still be able to enter the Apple ID.

Technically they would need the password  to access the iMessages servers.

Other than using an iCloud valid ID and checking the login with the Apple ID servers iMessages has nothing to do with iCloud.

In effect you can you a different ID for each server (iTunes, iCloud and it's collection, Game Center, FaceTime, iBooks, iMessages, App Store).

If the iMessages servers are not listing an additional Device then it must be some form of attack outside of a basic Account hack.

There also seems to be differences in how people come to find out their iMessages account is being used.

Some seem to see the messages.

Others appear to describe the Pop ups about a "New Device" but other do not.

As this 10 page Thread has progressed it also seems there is a change in the reporting or what people are seeing and it does not appear to be quite the same now.

I am still at a loss as to how it is happening and whether the accounts are really hacked.

8:10 pm      Sunday; October 9, 2016

Hi,

The same what exactly ?

In System Preferences > iCloud there are not setting for iMessages, FaceTime, iTunes, The App Store, Game Center, iBooks to name some of the services that you might need an Apple ID for.

That said the iMessages ID mus also be iCloud valid even if it is not using as the iCloud ID.

iMessages account on the Mac logs into the iMessages Servers and as part of that check the ID against the Apple ID servers.

However the Mac also uses an Auth Token to "prove" that the call is from your Mac (it is based on the Serial Number)

All devices that use iMessages use the Serial Number to make a  Device Specific Login.

i.e. it is impossible to spoof the Mac or iPhone or other devices.

There is not check though when adding other devices.

Someone with access to your Apple ID and password could add another device.

It can start sending Messages even before your accept the pop ups on other devices and Denying the pop only adds the device/ID used as an Alternative but in an inactive form.

Potentially there is some risk to your iCloud account if you use the Same ID in iCloud.

On the Apple ID site you can see the devices listed that people can contact you On.

The list does not point out which are iMessages, which are FaceTime or the Game Center.

They are not listed for Mail (iCloud), Photos (iCloud)

However these also cannot be removed.

At present nothing in this thread has suggested that an iCloud account (if the ID is used in both places) has been compromised other than somehow iMessages from non registered devices are getting into the system.

8:37 pm      Sunday; October 9, 2016

TThat's what worries me. Apple level 2 tech are happy to just put this down to the user givin away their password and they can sleep at night. It gets escalated no further. Why can't you spoof a serial number? Perhaps before they attacked by logging into iCloud first if it is an account hack and because that gave warnings they have changed to just log in against iMessage. Perhaps there's a brute force hole in iMessage? We will never know and Apple don't care.

ALl I have is speculation though. Since I have no access to their system. No log of activity. Just some iMessages on a phone with nothing else at all. But there seems to be a volume of people with this issue. Forget the small number we have here; when you have news that someone has called up their carrier in the U.K. And been refunded the £600 ($601) because the support guy has heard "a lot about this to other people". the victims only have in common that they use Apple devices.

Same here!! They sent out about 20 or so messages today!  I changed my password! Is that all I need to do??

At around 3:50 am PST I had my iMessage send out what appears to be spam messages to China as well. I received two separate emails from Apple, first stating that my Apple ID was used to sign in to iMessage on a MacBook I do not recognize and second, that my Apple ID was used to sign-in to iCloud from IE on a windows PC. Both of which I did not do.

Aside from changing Apple ID password/security questions. I was told on the phone I cannot update to 2 step verification for 3+ days.

My guess, is all of our passwords were compromised either by a bot, or Apple security leak. When viewing Devices, it only shows active, which are both correct even though my emails and iMessage seem to have been accessed by devices not visible to me. Is there a way to view all previous SN/devices/IP address that were used?  I do not need to know this info, only for Apple Support to confirm that a separate device accessed my account and how that was done(password entered).

*edited: furthermore, I believe I was locked out of Apple ID a second time sometime today. Appears the bot/person is attempting to access Apple ID again.

TThat's what I was wondering too.  I did everything you did, also!

On finding out we had been comprimised on icloud and mac & phone last week.  We at first tried changing the email & password set for the account we already held.  It worked for a short number of hours.  Tried to log in again and it was saying that we couldnt and passwords were not recognised.   So in the end we lost out on any itune purchases or apps made to this account and had to choose to rid this hack by.  Opening a brand new apple account and start all over again by rebooting mac & phone   very dissapointed that apple dont seem to think this is important enough.  shall we rebill you for our music and apps that we have lost??  think about that.

Hi,

A link would be helpful.

iMessages either go as Data via the Carrier if there is no WiFi or they go over the WiFi to the Internet.

I doubt, based on the number reported here that the data amount would run up such charges even if there was no WiFi route to the Internet.

I must admit since I posted this in the Lounge where the Hosts can see it they have not made a response to indicate that they have bumped it upstairs.

8:32 pm      Monday; October 10, 2016

It was on Reddit I believe. I'll have to trawl.

ITs not data. Consider this scenario: it costs 50p to send a SMS to China (perhaps). Consider the SMS is 160 characters. Actually, when you use a character set with emoji like these spam that limit is now 70 per SMS. Also, each new line and multi byte emoji (or Chinese symbol?) takes up 2 of those 70 limit Then the limit is effectively about 40.

LEts say £600 at 50p is 1200 SMS

1200 SMS?? From 120 iMessages ? 3 batches of 40.

Thats 10 SMS per iMessage attempted. 400 characters at 40 per message in emoji and Chinese. Plausible?

but how the SMS? There's a setting in messages that I have turned off; send as SMS. When the target doesn't have iMessage or the data network isn't available, send as SMS.

NNow ive not confirmed this last part yet; but when I had this setting on and my home wifi went down years ago I ended up sending an SMS to the USA because the iMessage "times out".

ALl these undeliverable spams (to non iPhones?) or if your data drops, can the phone with this setting start trying to send them as SMS for you instead?

thats my theory. If I'm wrong, phew. problem for me to test is my Mac is authorised to send SMS messages anyway even without the send as SMS setting turned on. So not sure what would happen Or how to do a test without getting all my accounts off the Mac and starting over.

This is the exact thing that happened to me today.  At least one of the same phone numbers.  I disabled iMessage when this came up.

Hi,

Yes Text Forwarding would have to be On.

Which in turn means the Send as SMS option is On.

As most of the pics of individual iMessages are the Blue Send type we know they are being sent as iMessages.

A pic of the iPhone's collection of open/started chats does not show whether they are incoming or outgoing iMessages of even if they are SMS in either direction.

I do concede that some people might have the option to send as SMS and that in some cases the Apple ID could be used (to other iPhones as in the pics).

I think we need more info on that front.

8:25 pm      Tuesday; October 11, 2016

I have had the same thing happen as many of the most recent posters here.

At 1:33 am PDT on October 10th, I received an email that someone had signed in to imessage using my account on an iMac 27 named "iMac14,2"

I immediately changed my password, but exactly 24 hours later, there were 37 messages sent from my phone to Chinese numbers. The very first one was only 3 number 1s sent separately (as a test?) to the following number: +63 949 577 1323. The other 36 were all to different numbers and included emoticons and url links.

While on Reddit, I found a thread in which many other people quote the same number to which the "1"s messages were sent, which seem to have been a test.

We have a phone number, is there anywhere we can report this?? It seems like it could help find whoever's using our phones/IDs.

Just a thought.