[ensignavenger]

Apple hasn't been forthcoming with details. They have thus far denied any responsibility. However, there is substantial evidence that it was indeed at least partly their fault.

There was a flaw that allowed brute force password attempts exposed here: https://github.com/hackappcom/ibrute

Apple also follows poor security practices like asking insecurity questions to allow users to gain access to an account.

Apple has claimed that it was most likely a 'phishing' attack. However, given the large number of victims, and the lack of any evidence presented to support such a theory, I am rather hesitant to believe them. Until further information is made available, I am forced to consider Apple to be at fault.