From what I’ve read on the subject, this seems to be a combination of two things:
1) For whatever reason, people take these “selfies” on their devices, possibly without the realization that these devices are automatically backed up to a cloud service, and therefore those photos/videos have been uploaded.
2) A lot of poor password practices out there. Full details haven’t been released, but it looks like a brute force password attack targeting the most commonly-used passwords.
Doesn’t sound like a systematic flaw to me, but rather poor judgement - on multiple levels - on the part of the people who got “hacked”.
Not that I’m trying to “blame the victim” here, the people who accessed the accounts and disseminated the pictures are scum, but even though the guy who robs your house is guilty as sin, you’re still due for criticism if you didn’t lock your doors.
“brute force password attack “
Which is easily stopped, and Apple didn’t stop it. Apple has extremely poor server software and security.
The real story here is that Apple is easily hacked and should never be used due to having poor system and software security. The sad thing is most people do not know that Apple iPhones and iPads by default copy everything to their cloud. Apple claims that is an “automatic backup”, when in my book it is outright theft.