It was recently announced that a vulnerability has been found that allows people to change a users iCloud login credentials.​

​It seems as if a hacker can gain access to your account using a combination of birth date, email address and a "modified url"

At time of writing, Apple has taken down it's iForgot link that allows you to answer security questions to reset your password. ​

Apple also just announce a two step authentication process for accessing your account which we would strongly urge you set up. It currently takes 3 days from setting up to implementation  to protect your account.​

Here's the link from Apple that describes the process: ​Two Factor Authentication