[Closed] chinese imessage hack,

No, but thanks for the info..

meant to add, turn on two step authentication. I've got it turned on for everything else, I didn't realise Apple had added for icloud accounts.

what sort of password did you have btw? uber-complicated one, or something simple that could be guessed/brute forced?

not uber complicated but on its own reasonably secure

having done a bit of reading, may have been the same email/password as my linkedin login who suffered a major hack last year.

This site is pretty useful https://haveibeenpwned.com/ will tell you if any of your accounts you have been hacked if the data has been published.

useful. looks like it might have been from a defunct last.fm account.

I always use Safari/iCloud to select & manage a different totally random password for each website now. I used to have the same password for everything but when you think about it that's a terrible idea given how many hacks there are these days!

Sophos have released some info on this, seems to be weak passwords or re-used passwords from previous hacks.

meant to add, turn on two step authentication.

Good reminder, just done it...

just to add to this, I just got my monthly bill from O2.

Despite them not actually showing on my phone, 104 messages got sent to chinese mobile numbers in the 4 minutes it took me to kick out any logged in devices and change my password.

O2 have credited the £30 of charges accumulated back to my account.

If it was iMessage, why were there O2 charges? iMessages go over a data connection, and even 104 would be a negligible amount of data.

I use Giffgaff which is effectively O2 and never see any messaging charge for iMessage.

they came up as SMS charges. I guess once I killed iMessage, my phone tried to send them as SMS.

but there were maybe 9-10 messages showing on my phone with one showing as a failed text message, not 104.

O2 didn't argue about it at all, so I'm guessing they must be aware of it.