This is pretty much what I thought — the hackers got in by using the password recovery feature. All they’d need is the celebrity’s Apple email address, and information about their lives, and they could guess the answers to the security questions. And once they got into one celebrity account, they had access to their address book, with email addresses for other celebrities. Chain reaction.

The lesson here is: NEVER give correct answers to security questions. Make something up, and use that for your answer instead. That way, hackers can’t guess the answer by researching your history.

And also, use a different very strong random password for each service. If you reuse your passwords, you’re asking for trouble.