With that being said, Apple is not able to close or lock the Apple ID knowing that it’s been compromised. I can’t access it, yet the crooks still can.
Unfortunately, in order to close or lock the account, they'd first have to be able to access it. Without the password, they can't. At least, not easily. User accounts on iCloud are stored as encrypted data within Apple's data centers.
But, it can be assumed they are either individual dynamic images, or are part of a large database of multiple users.
The first would be easy to remove as it wouldn't be connected to anything else. They flag the account image, delete it from the server, and done. That would break the entire account. So you would probably also suddenly lose access to your email if it's also an @icloud.com mail account.
The latter is much harder. Easy to tag the record to remove, but then the entire thing has to be copied to a new dataset while skipping those marked for removal. Then validate the new copy to ensure user data not being removed hasn't been damaged. Only then delete the previous database. Which in itself is simple, but then all remaining accounts have to be updated to point to the new dataset. Through all of that, hundreds, or more likely thousands, of accounts would find themselves without access for possibly days. All accounts in the set would have to be locked while the new copy was being made so data that was already written to the new dataset didn't change behind it. Otherwise, users would wonder what happened to photos and such they had uploaded to the cloud and were suddenly no longer there.
I work in tech and I’m pretty diligent, I’m not sure how the account was compromised but it happened.
It happens wherever crooks somehow get information they shouldn't have, or users have passwords that are common and/or easy to guess. Being in tech, I would assume you did not have a simple password. Like the birthdate of yourself or a family member. The name of a pet. Basically, any personal information that could be found with a simple internet search.
It's fairly easy to get half of the information. Especially if the iCloud is associated with Apple's servers. Since an account name is an email address, it could be as straightforward as k.lang@icloud.com (this address won't help anyone as there is no such account). So, if you can find out a person has an icloud.com email address (and those are very easy to find on business sites), you already have half of their account credentials. From there, it's only a matter of guessing, or getting the password.
And with all of the data breaches out there (billions of records), they probably lucked out and were able to put a live address and password together.
But we can't really know. There are more ways than that to get such data. Like a blind email to someone else you know who falls for something like, "Hey, the 40th class reunion is coming up. Do you know xxxxx's email address?" And bam, they have half of your ID.
The safest thing I know of to do is keep two accounts going. They can be on any email server you want. The first is a general address that is only used for emails. It doesn't matter how many people know it, the worst that can happen is they get into your email account with nothing else to find. The other is used only for your Apple ID. No one else needs to know what that address is, or that it even exists. That keeps your app purchases and other personal data far more secure. A crook would have to get hold of a device not on the lock screen to even find out what that address is.