>That's exactly what I said, except for your pro-Apple spin.
My reading of your post was that it implied that Apple were lying. The iCloud servers were not breached, but individual accounts were hacked, pointing out the facts is not pro-Apple spin.
>Failure to enforce lockout after multiple failed login attempts is pathetic and there's no excuse for it.
Apple lock out accounts for eight hours after 12 failed attempts.
Apple's reset process invloves providing email address, date of birth and the answer to any one of a number of securty questions (e.g. The name of your first pet). Unfortunately for people in the public eye most of that information is likely to be easily available from a number of sources and like most people they wouldn't think of just making up an answer, so a quick trip to Google will almost certainly allow you to gain ilicit access to the account of pretty well anyone famous.
Is this Apple's /fault/? Debatable. There are more things they could do, but then there are already additional security features available for Apple accounts that do not appear to have been turned on in this case (e.g. if you have 2FA turned on, then the password reset process will also require you to go through that).
So we're back to square one, is it the fault of any company if users who do not use the security features provided then have their accounts breached?
No. It's the fault of the people who gained access, in the same way that if you forgot to lock your front door it's not your fault if someone steals your TV. What you did might have inadvertently made it easy for them, but make no mistake that the person at fault is the thief.