You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Some random MacBook signed into iMessage with my ID?

An unknown MacBook by the name of "macen的iMac" signed into iMessage using

my Apple ID, with a pop-up on my phone stating "Your Apple ID and phone number are now being used for iMessage on a new Mac", and said MacBook appeared in my devices. I went and checked the email associated with my ID, and the email I received looks legitimate. Here's the body of the email (with personal info withheld):


"Dear <real name>,


Your Apple ID (<correct email address associated with ID>) was used to sign in to iMessage on a MacBook Air 13" named “macen的iMac”.


Date and Time: July 31, 2019, 12:09 PM PDT


If the information above looks familiar, you can ignore this message.


If you have not recently signed in to a MacBook Air 13" with your Apple ID and believe someone may have accessed your account, go to Apple ID (https://appleid.apple.com) and change your password as soon as possible.



Apple Support"


Still, I visited the ID site on my computer to change my password and turn on two-factor authentication, avoiding the link in the email just in case. I also removed the device from my ID and installed the Malwarebytes app on my phone in case a web ad was somehow to blame for this.


Am I good? And how did this happen?

iPhone 7

Posted on Jul 31, 2019 3:18 PM

Reply
Question marked as Top-ranking reply

Posted on Jul 31, 2019 4:38 PM

Any chance you used the same password somewhere else? Somewhere that was compromised? I recently had my first ever BitCoin threat/scam and they did indeed know a password I had used - but it was one I had used years ago when I first set up my Sony PS store account so had already been changed several times since. Sony was indeed hacked some years ago and passwords stolen, and those passwords then get past around on the web. People will try to use them for scams or to access accounts based on your email address or name.


it’s one good reason to use keychain and/or invest in a good password manager (I use mSecure but 1Password is also well reviewed) and never use the same password with two or more sites or accounts.


BTW, yes, that message seem to be authentic and follows the format of the ones I receive when I get a new device and first sign in to iCloud on it.

Similar questions

9 replies
Question marked as Top-ranking reply

Jul 31, 2019 4:38 PM in response to LibraryWhale

Any chance you used the same password somewhere else? Somewhere that was compromised? I recently had my first ever BitCoin threat/scam and they did indeed know a password I had used - but it was one I had used years ago when I first set up my Sony PS store account so had already been changed several times since. Sony was indeed hacked some years ago and passwords stolen, and those passwords then get past around on the web. People will try to use them for scams or to access accounts based on your email address or name.


it’s one good reason to use keychain and/or invest in a good password manager (I use mSecure but 1Password is also well reviewed) and never use the same password with two or more sites or accounts.


BTW, yes, that message seem to be authentic and follows the format of the ones I receive when I get a new device and first sign in to iCloud on it.

Jul 31, 2019 5:27 PM in response to LibraryWhale

It would be pretty hard to spoof an Apple push notification, which uses the same text as the email they send. Push notifications require your consent so anyone spoofing one would have to actually physically replicate Apple’s push notification server.


Plus little things like proper spelling and grammar, which most scams actually do not get completely correct, and keeping the time in PDT (since Apple notifications are all based on their headquarters time zone). And including and sending to your primary verified AppleID email address. Those are all concordant with a legit message about a new device signin. The email should also have come from noreply-at-email.apple.com (with of course the -at- being @).


It wouldn’t hurt to change other online passwords though as you only know about exploits often long after the fact (how many have only become public years after the fact).


The fact you were able to re-secure your AppleID is a good sign though - the crook will now be blocked from access.


If you only have a single Apple trusted device though, with 2FA it would be wise to register another trusted telephone number. You can receive 2FA codes on any trusted voice or SMS capable telephone number (my backup number is a Google Voice number, so even a VOIP number can work).

Some random MacBook signed into iMessage with my ID?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.