This is a horrible story about a guy having his shit taken from him. He lost a year’s worth of photos. Think about that? [shudder]
But it wasn’t weak passwords or a poor password policy that let the hacker in. It was social engineering.
I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.