@john_munn says he’s been an Android user for years, no problem.
But 10 days into using a new iPhone, and whammo!
He gets a gazillion spam texts rapid-flooding iMessage, all in Chinese, like so:
Android user for years with no issue. @apple iPhone user 10 days and account hacked. #worrying pic.twitter.com/5DkaO6a24u
— John Munn (@john_munn) October 11, 2016
Two things: 1) he’s far from alone. And 2) it’s not Apple’s fault.
On Wednesday, Mashable reported that one of the publication’s employees saw a message in her iMessage account from a foreign number she didn’t recognize, written in Chinese characters.
After that, she got a notification that her Apple ID was being used on another device.
She clicked OK – the only option offered – and that’s when the flood began.
She changed her password and security questions and contacted Apple Support, where a representative told her that many others had been calling in with the same problem on Wednesday morning.
The rep said it looked like an attempt to steal personal information. She also said that the “hack” was “fairly new” and that Apple’s developers were working on it.
But for now, the rep said, there was no way of knowing if any of the Mashable employee’s personal information had been stolen.
Other users who reported the same problem:
@aliceharv mine too 😩
— Rajat (@CaptRajat) October 20, 2016
Waking up to a hacked Apple ID account: not cool pic.twitter.com/upeUqdd6Wn
— Quarry Quayco (@hilarion) October 13, 2016
Why put quotes around the word “hack?”
Because of point two: it’s not an Apple hack. There’s no sign that Apple has been breached.
As Naked Security’s Paul Ducklin hypothesizes, it’s looking like yet another case of weak passwords reused on multiple sites.
That’s supported by what @john_munn went on to say in subsequent tweets: that since the spam-a-thon, he went on to take Apple’s advice.
Namely, not only did he pick a proper password – one that’s unique and difficult to guess – but he also turned on two-factor authentication (2FA).
A London-based Twitter user who posted about the hack on 17 October told Mashable that the messages stopped after he changed his password and turned on two-step verification (2SV): another term for 2FA.
The Chinese spam iMessage problem goes back at least as far as August.
To keep from getting swept up in this mess, watch out for email or other messages that ask for your iMessage or Apple ID. They could well be phishing attempts.
If you’ve already been hit, change your Apple ID password immediately. Here’s how:
- On your device, browse to Settings -> iCloud.
- Tap on your Apple ID displayed at the top of the screen.
- Select Password & Security, then tap on Change Password. You’ll need to input your passcode to prove your identity.
- Type in a New password and then Verify it.
Make sure to also set up 2SV.
And take care if you sell your iPhone or bring it to a third-party servicing outfit. Before you hand over your device, make sure to remove your Apple ID.
Here’s more advice from Apple, and below is a video showing you how to pick a good, strong password.
(No video? Watch on YouTube. No audio? Click on the [CC] icon for subtitles.)
David Longenecker
Take care to remove your Apple ID from any device – iPhone, iPad, Macbook, etc., before selling it or turning it over to a service center. In at least one instance that I have firsthand knowledge of, the cause appeared to be a resold Macbook.
Antonio Fonseca (@antoniofonseca)
Crap article bashing Apple and Apple’s products, as usual.
Paul Ducklin
You regularly post comments like this, even when we write articles that quite explicitly say things like “this is not Apple’s fault.”
Why don’t we just agree that you are always going to disagree, no matter what the substance of the article might be?