Q: My iMessage has been hacked

Hmm, seems like we could be onto something then. They could be obtaining passwords another way, but it looks like this MySpace DB is at least one strong possibility. Thanks for the reply btw.

Probably. There have been more major data leaks like this. LinkedIn took a big (similar) hit and, again, all passwords were stored hashed with SHA1, which is never recommended. The increasing confidence I have is from the fact that both victims I spoke to only appeared in the MySpace DB (according to (potentially outdated) leaked source search engines). It'd be impossible for me to guess what else they're using.

The imessage hack sending casino advertisement happened to me today.

and I chatted with a tech today and his only suggestion was to update but I don't have the newest version available yet. Dude was not helpful at all. I told him about the Chinese texts and he said he's aware of this and the engineers are working to fix it. I let ATT know so they can waive my international fees!

That's too bad you got somewhat unhelpful advice there. Considering someone used your password to sign in a device in another country and send out Messages from your account, updating your own device at home would be unlikely to have any affect on that.  Secure your account instead. Try two-factor authentication.  Now if you're devices aren't yet updated to support two-factor, you might want to do that.

Thanks. I just found that on my own and activated it. But I'd like to know how to get my language back to Chinese and remove that losers email address from my apps!

The tech should have advised me to use the 2 facto authentication

ssorry but no. Cadiva69; if you enable 2FA after you are hacked (actually sometimes you can if account changes) then you are done for, cooked, you've handed over control.

APples 2FA will not challenge an already authenticated device. So the moment that happens they can use a device that they're signed in on to change your password, add phone numbers to your 2FA, remove your email address and lock out your other devices.

HOw do I know? When I enabled 2FA I wasn't asked to challenge or auth my Mac or iPad. Not until I changed my password and signed them out.

ENabling 2FA when you're already hacked could be a suicide pill

The first step is obviously to change your password. That challenges your messages registration for all devices and locks the hackers out. That's what I meant about "secure your account" in my above answer. However, to prevent people from guessing your password in the future and going through all of this again, you can turn on 2FA. Someone else then wouldn't be able to sign into your account and add a new device to messages without access to one of your existing trusted devices.

I misunderstood. Changing your password locks you out of 2FA for 3 days though I think. That what happened to my partner; first thing she did was change password (even though no evidence account was compromised) and then we were not allowed 2FA for 72 hours. To stop hijack