Apple has denied any wrongdoing in a press release, instead suggesting that the attack was down to culprits targeting usernames, passwords, and security questions. From the statement, we can glean that most if not all of those afflicted by this incident did not comply with the highly-recommended two-step verification Apple offers to bolster accounts against such events, and as such, the victims in this case perhaps did not protect themselves as well as they might have.

http://www.redmondpie.com/apple-icloud-wasnt-breached-in-recent-celebrity-photos-leak/