It was actually a distributed campaign with multiple hackers with different methods but the main leaks were due to the following problems:
1. Bug in some Apple services allowed unlimited login attempts
2. Bug in Apple backup restoration function allowed bypassing multi-factor authentication (or was it confirmation email?)
This is all from memory, I might be wrong about the details. Anyway, that Apple initially blamed this on weak passwords and now phisihing clearly demonstrates what kind of PR circus this field is.
Just think about this: when Apple closed these holes (silently), attacks had been going on for 1-2 years. Towards the end there were fairly cheap and reliable hack-my-exs-iphone services on the darknet.
They caught the people responsible, and convicted them, as the Wikipedia page describes in detail at the end. The actual perpetrators acknowledged they'd sent phishing emails to gain access.
Whether or not there was brute force rate limiting available at the time (which seems unclear), that's not related to the specific events you brought up.
And not getting matches on tinder doesn't necessarily mean you aren't photogenic. When I used it I didn't get many matches either. Later I went on a trip and swiped through Tinder out of boredom, I suddenly got a lot of matches. Not very helpful because I went back home the next day. I think it's important to remember that Tinder varies the "exposure" you get by a lot, for seemingly arbitrary reasons.
@OP Easier said than done, but try not to make too much out of this. I think the recommendation for doing some activities with others is a good idea.
