Apple Insider is reporting on a few Apple discussion postings in which users have claimed their iCloud accounts were compromised. Some have complained they have found spam being sent to secondary e-mail addresses from their personal iCloud accounts, which have included links to spam services claiming to make money online, and also containing random text strings -- classic components to automatically generated spam messages.
Others have echoed that in recent hours they have experienced similar spam messages being sent from their iCloud accounts to alternative e-mail accounts and other entries in their contacts lists that were stored with iCloud.
These reports have raised suspicion that Apple's iCloud service may have been hacked in one way or another, but has it?
Even though the claims are enough to raise an eyebrow, there are other viable possibilities to consider. E-mail addresses can easily be spoofed, so it is not at all uncommon to receive a spam message that appears to have come from your e-mail account. Additionally, contact lists can be obtained from systems other than your own, such as those of friends and colleagues who may have similar contact lists as yourself.
Furthermore, some reporting these issues claim they are IT professionals with the knowledge to not leave their accounts vulnerable, but these days this means very little with regard to spam. In my daily personal experiences, I troubleshoot and deal with computer problems, and yet have found that such personalized spam is not an uncommon occurrence.
Overall, while it is possible a hack might have occurred, the reports so far are not that far off from most other spam behavior. Needless to say, just like those in other online services, accounts in Apple's iCloud will be subject to random guessing, prying, and phishing attempts by spammers, and the sudden appearance of spam in an account or what appears to come from the account is no indication that the iCloud service itself has been hacked. Nevertheless, if you do suspect foul play with your iCloud account, you can take the simple step of changing your account's password to ward off messages being sent via Apple's servers using your account credentials.
Apple has not yet responded to inquiries on this situation.