No, it was because celebrities are normal people and tended to use the same password for multiple services. One service was compromised, which compromised every other one because the passwords were the same.
My understanding was that some iCloud account login endpoints (associated with Find My iPhone) didn't have any rate limiting for password failures, and this allowed brute force to work for targetted accounts.
Really? It seems to me that most articles conclude that it wasn’t iCloud that was hacked but the celebrities.
Apple also released a press release[1] saying that they “have discovered that certain celebrity accounts were compromised by a very targeted attack on user names, passwords and security questions, a practice that has become all too common on the Internet. None of the cases we have investigated has resulted from any breach in any of Apple’s systems including iCloud® or Find my iPhone.”
It clearly shows that iCloud was very susceptible to basic social engineered attacks. Their statement on the subject is vague and misleading. There was no breach of iCloud passwords database, but if somebody just "guessed" the answers to the security questions, that counts as a breach for everybody else.
FBI has made one arrest and the investigation is still on going. We probably would not know until it's over, but at least one celebrity, Kirsten Dunst suggested her images were taken from the iCloud: https://twitter.com/kirstendunst/status/506553772114317312
Again, what most articles you have besides Apple's hand waving?
The images in The Fappening came from a variety of cloud services, including iCloud. I think the hackers were getting access primarily via social engineering.
There was an iCloud hole that was discovered around the same time as The Fappening, but no evidence that it was used by them before it was patched by apple.
