It was recently announced that a vulnerability has been found that allows people to change a users iCloud login credentials.
It seems as if a hacker can gain access to your account using a combination of birth date, email address and a "modified url"
At time of writing, Apple has taken down it's iForgot link that allows you to answer security questions to reset your password.
Apple also just announce a two step authentication process for accessing your account which we would strongly urge you set up. It currently takes 3 days from setting up to implementation to protect your account.
Here's the link from Apple that describes the process: Two Factor Authentication