I know how it was done now. Confirmed with both the hacker and Apple. It wasn’t password related. They got in via Apple tech support and some clever social engineering that let them bypass security questions.
Mat Honan explains how his iCloud password was obtained. Humans, always the weak link.