Add another one to the list of unfortunates. I woke this morning to a notification that a 13" MacBook Pro "macen" had accessed my Apple ID, and I had 80-some Mandarin messages sent to 80-some different Chinese numbers with country code +86. Apple caught it and locked my Apple ID before I was even aware (this all happened between 1:00 and 2:00 this morning), and I was able to recover it. I changed my password and security questions for Apple as well as the Gmail address I use as my Apple ID, and everything is working fine.
In my case, I suspect it's from the Linked In hack. I stupidly used to use the same password occasionally, and my Apple ID was very close to what I think I used on Linked In before I canceled my account back in 2012.
I've done everything I can to lock things down, but I'm very frustrated that they're now forcing a three-day delay after changing your password before you can activate two-factor authentication. I can't do it until October 5 according to the Apple ID site, so I guess I just have to keep my fingers crossed my account isn't compromised again before then.
I called my mobile carrier to notify them, and they confirmed that since the messages were sent using data, there will be no international charges applied. Since I have unlimited data, I don't have anything to worry about there, but those on very limited data plans might want to call their carriers just to be safe. Also, it may be an overreaction, but I called the credit card companies for the cards I had in my Apple Wallet and had the accounts shut down and new ones reissued. Maybe we're just being hacked to send spam, but I felt nervous about a larger plot to harvest data, and I don't feel confident they couldn't have accessed my card info. I'd rather deal with a few days of inconvenience to have that peace of mind.