For the accounts they breached by using the security questions, they had to change the users' passwords to get into the account to pilfer the content. Without changing the password, they could not get in.
They still would not know the password because the system doesn't know the original password to reveal it to anyone. It merely gives someone who "proves" they are the owner by answering the security questions the opportunity to change the original password to something else. There is no way there can be two passwords simultaneously. Ergo, the original owner is locked out.
The celebrity who had her password hacked would then use the same method to get back in and change it to something else (Apple does not allow an already used password to be re-used), locking out the bad guy... who can then rinse and repeat so long as the owner doesn't change the security questions to something NOT in her fan biography.
I think if 600 celebs (many of whom probably personally know each other) had their passwords changed on them multiple times, there would (A) have been chatter going on around Hollywood “Did that happen to YOU too?” and (B) some removal of more compromising images.
At this point have there been public statements by any of the hacked celebs that they did indeed have to change their password to access their systems? Sounds like hundreds should have that tale.
I hate sites which do not let you make up your own security questions. "What is your mother's maiden name" can be looked up. "What was the name of the first person you slept with" is harder for strangers to find out, even for celebrities.