updated 09:41 pm EDT, Thu May 17, 2012
Isolated reports suggest rare breach
A small number of users in the Apple Support Communities have reported that their iCloud e-mail accounts may have been compromised by spammers, even in cases where the user had a strong, randomized password. Reports began flowing in of mostly little-used iCloud accounts sending out spam messages, replies to which alerted users of the problem. Apple has not commented on the issue thus far.
Users who have reported the issue are concerned that Apple's servers themselves have been breached, since the brute-force password guessing method usually used would not have been practical or effective in the case of some users. The spam e-mails appear in the users' "Sent" folder on iCloud, are delivered to users whose contacts are synced with iCloud and are the "make money with your computer" type fake job postings. Those affected have reported the issue to Apple, but the company has not issued an official response so far.
There are only around 35 reports of the activity, while iCloud is reported to have over 120 million users, so it is unlikely that any large-scale breach has occurred. Users of iCloud are encouraged to check the iCloud "Sent" folder through a web browser or using their e-mail client and if any spam messages are seen, report it to Apple and change the password of the account.